[57] ABSTRACT

The present invention is a method and apparatus for effec- 
tuating bilateral buyer-driven commerce. The present inven- 
tion allows prospective buyers of goods and services to 
communicate a binding purchase offer globally to potential
sellers, for sellers conveniently to search for relevant buyer 
purchase offers, and for sellers potentially to bind a buyer to 
a contract based on the buyer's purchase offer. In a preferred
embodiment, the apparatus of the present invention includes 
a controller which receives binding purchase offers from 
prospective buyers. The controller makes purchase offers 
available globally to potential sellers. Potential sellers then 
have the option to accept a purchase offer and thus bind the 
corresponding buyer to a contract. The method and appara- 
tus of the present invention have applications on the Internet 
as well as conventional communications systems such as 
voice telephony. 

44 Claims, 20 Drawing Sheets 

METHOD AND APPARATUS FOR A
CRYPTOGRAPHICALLY ASSISTED
COMMERCIAL NETWORK SYSTEM
DESIGNED TO FACILITATE BUYER-DRIVEN
CONDITIONAL PURCHASE OFFERS

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

The method and apparatus of the present invention relate 
to electronic contract applications using electronic networks. 

2. Background 

There are dozens of different buyer-seller protocols in use 
today. However, almost all of those systems are seller-driven 
in the sense that they focus on the methods and processes 
available to the seller, allowing him to price, package or 
configure goods and services more effectively. Stores, 
catalogs, classified advertisements, telemarketing, auction 
houses, even on-line computerized reservation systems such 
as SABRE, are all seller-driven. Traditionally, it is the 
seller's job to attract buyers and then to complete the sale. 
Thus, in a seller-driven system, the advertising cost of the 
transaction and the attendant risks that such advertising will 
be unsuccessful falls upon the seller. 

Most goods and services sold at retail are done so using 
a general seller-driven protocol whereby the seller sets a 
price and the buyer decides whether or not to accept that 
price. Prices for some services, such as airline tickets, might
change frequently, but the buyer must still wait for the seller 
to offer a price he finds acceptable. Obviously, some forms 
of commerce offer far more give and take with offers and 
counteroffers being exchanged, however the vast majority of 
retail purchases utilize seller-driven, fixed-price, non- 
negotiable pricing protocols. 

Auctions are probably the most frequently used system 
whereby prices are not fixed by the seller. Here too, the 
system is seller-driven. The buyer does not find the seller, 
rather the seller attracts numerous buyers who, as a group,
determine the final selling price — which the seller may
subsequently reject unless the item auctioned is being sold 
without a reserve. 

Even on-line reservation systems are seller-driven. Airline
reservation systems such as SABRE are in the business of 
constantly posting airfares. Travel agents and consumers are 
on the bid side of the process. However, since they cannot 
communicate their bids to the airlines, they must wait until 
an "asked" fare is quoted which meets their needs. 

Other commerce systems are exchange-driven. These 
systems, such as NASDAQ or the New York Stock 
Exchange (NYSE) match buyers and sellers by offering an 
efficient, fair and orderly marketplace. They favor neither
buyers nor sellers, but simply effectuate communications
that allow for the matching process to take place. An
example of an automated exchange-driven commerce system
for trading futures is disclosed in U.S. Pat. No. 4,903,201.

A buyer-driven system is one in which buyers find sellers, 
such as a "wanted to buy" classified ad. A help wanted ad is 
a buyer-driven inquiry since the employer is looking to 
locate and buy the services of a qualified employee. The
inquiry is advertised to a large number of potential "sellers," 
a number of which may respond by submitting their resumes 
to the prospective employer. 

Buyer-driven systems yield certain benefits and efficiencies
that other commerce systems do not. Buyers using such
a system can exercise more control over the terms and
conditions of their purchases. Additionally, when a large
number of potential sellers exist, but those sellers do not
have the resources to advertise globally, it makes sense for
buyers, if they can, to take the initiative in communicating
their needs to the sellers.

Currently, there exist certain unilateral buyer-driven systems
of commerce. A good example of such a system is the
typical reward system wherein a "buyer" broadcasts/publishes
an offer for a reward to anyone who completes a
particular task. That type of system is unilateral because the
offer can only be accepted by performance of the designated
task. Thus, unilateral systems can be utilized only for limited
types of transactions which allow for acceptance by performance.

Bilateral buyer-driven systems seek to consummate contracts
between buyers and sellers based on mutual promises
to perform. Bilateral buyer-driven systems, however, currently
represent an extremely small portion of overall commerce
due to a variety of factors. First, and perhaps
foremost, buyers generally either cannot or do not want to 
invest the time, money or other resources required to locate 
an indefinite number of potential sellers and communicate 
the buyer's purchasing needs to each of the potential sellers. 
This is especially true of the individual consumer who often 
cannot afford to pay substantial transaction costs. 

For example, an individual seeking car repair services 
generally would not want to contact every single repair shop 
and communicate details of his repair needs to each. The 
benefits to the consumer from doing so (e.g., achieving a 
lower price) would be vastly outweighed by the amount of 
time and money expended in the effort. 

Also, buyer-driven systems are not prevalent because
buyers do not want to be inundated with numerous offers
from potential sellers, many of whom may be marginal or
unqualified (e.g. a thousand real estate brokers or car dealers
all calling one buyer). Buyer-driven systems impose inherent
costs on sellers as well. If each buyer has a different set
of purchasing specifications and communicates his needs
using non-uniform language, sellers must pay a substantial
cost even to review and understand each individual request.
Moreover, sellers are often not amenable to customizing
their products for individual buyers.

As a rule, the greater the number and complexity of the
buyer's purchase conditions, the more difficult it is to have
a buyer-driven market, since advertising costs generally rise
with the number of conditions that must be communicated,
and the potential number of sellers who can understand and
fulfill increasingly complex conditions usually declines.
Buyer-driven markets function best when there is a well-defined
purchase need, when a "brand" provides quality
assurance to the buyer such as the name of a major airline
carrier or when the item is a commodity such as oil or coal.

An example of a regularly used bilateral buyer-driven
process is the system utilized by large organizations such as
companies or governments which want to purchase significant
amounts of goods or services at the lowest possible
price. To begin, they formulate a detailed written specification
setting forth the quantities and requirements of what
they are looking to buy. This document is typically called a
"Request for Proposal" (RFP). Once finalized, RFPs are then
distributed to a list of known potential suppliers. If the value
of the RFP is high enough, as it might be with a large
government contract, the buyer may bear the added expense
of trying to attract the widest number of sellers by paying to
publish the RFP in newspapers and trade magazines.



to invest the necessary time and effort to submit a formal 
proposal. Typically, some number of suppliers submit binding
proposals to the buyer by a deadline established in the
RFP. Once submitted, proposals are then evaluated by the
buyer. One proposal is usually selected and the corresponding
supplier notified that it has "won" the business at the
price quoted.

Large organizations can take advantage of the benefits
afforded by the RFP process because their volume buying
represents a worthwhile opportunity for suppliers to compete
for their business. They also have the resources to
communicate their buying needs to a sufficient number of
suppliers. As a result, they can often achieve substantial unit
cost savings, especially on commodities or commodity
services (such as paper clips or long distance service) and on 
perishable items (such as airline tickets and hotel rooms). 

Individual consumers cannot effectively participate in 
such bilateral buyer-driven systems because they generally
do not have the buying power and resources of large 
organizations. Some consumers have found ways to group 
together in order to achieve some measure of the volume 
buying power enjoyed by large organizations. Many 
consumers, however, are deterred from joining buying
groups because of the groups' various requirements and 
limitations. 

As commerce seeks to utilize the inherent advantages of 
the Internet, many types of commerce systems, such as
malls, catalogs and auction houses, are being implemented on
the Internet. These approaches generally seek to create better
seller or exchange-driven systems whereby the sale of goods
and services is made more efficient.

While there have been some attempts to use the Internet 
to effectuate bilateral buyer-driven transactions, those
attempts have been largely unsuccessful. Currently, there are
"bulletin board" type sites on the Internet where buyers can
post "wanted" advertising at little or no cost. Thus, any
consumer could post his own RFP looking for companies
willing to sell him the exact airline tickets they are looking
to buy or a particular car with specified options included.
Because Internet postings are global, the buyer theoretically
has the ability to communicate his RFP to a large number of
potential sellers. In practice, however, this process is ineffective
as a buyer-driven system of commerce because
potential sellers generally do not frequent the various "bulletin
board" sites or respond to the individual RFPs.

Sellers are deterred from using such a process because 
there is no guarantee of the authenticity of the RFP, the cost
of negotiating with individual consumers is often too high,
and it is difficult to enforce any agreement (including
payment guarantees) which may be reached between the
consumer and the seller. Additionally, "bulletin boards"
containing RFPs are scattered across the Internet, making it
difficult, if not impossible, for sellers to find relevant RFPs.
Finally, when analyzing the RFPs that are posted on the
Internet, sellers are confronted by an almost overwhelming
number of different formats, conditions, terms, and language
styles in the RFPs. Sellers must spend a large amount of time
and money even simply to understand the prospective buyer's
needs and the legal ramifications of the particular
language used in each RFP. In sum, buyer RFPs posted on
the Internet represent too much uncertainty for sellers.
Sellers are not willing to spend the time and money finding
and pursuing Internet RFPs. In turn, the absence of a critical
mass of sellers reduces the incentive for buyers to post their 
RFPs. 



Accordingly, there is a need for a centralized buyer-driven 
system of bilateral electronic commerce capable of being 
utilized by even small consumers to communicate their 
purchasing needs globally to potential sellers which 
addresses the deficiencies of the prior art. The advantages of
such a system are manifold. It is the only way for a buyer
efficiently to reach a large market of potential sellers. It also
allows the buyer to set the terms he is willing to accept. As
an additional advantage, it gives the sellers an indication of
the state of the market for their product. Finally, since this
technology is electronically based, costs are kept to a
minimum.

A key element necessary to achieve a critical mass of 
seller participation in such a bilateral electronic buyer- 
driven system is the seller's ability to bind a buyer to a legal 
contract under the terms of the buyer's posted offer. In 
contrast to a non-binding request for proposal, a binding 
offer from a buyer is attractive to potential sellers because it 
sets out each and every term and condition under which the 
buyer will allow himself to be bound. Potential sellers do not 
need to worry about the costs of negotiating terms of sale 
with the individual buyer because the buyer has laid out all 
such terms in his offer. Additionally, allowing a seller to bind 
the buyer on the front end of the transaction will alleviate 
some seller concerns regarding enforcement because the 
seller has the opportunity to bind the buyer to a legally 
enforceable contract.

In order to understand the requirements necessary to form 
binding contracts through electronic commerce, a review of 
the current state of contract law is necessary. 

Basic Contract Law 

The formation of a legally binding contract requires three 
elements: offer, acceptance, and consideration. Put another 
way, an essential prerequisite to the formation of a contract
is an agreement: a mutual manifestation of assent to the
same terms. This mutual assent is established by a process
of offer and acceptance. Further legal requirements are
imposed by the Statute of Frauds, where applicable.

An offer has been defined as a manifestation of intent to 
act or refrain from acting in a specified way, so made as to
justify a promise in understanding that a commitment has 
been made. A number of kinds of expressions border on, but
are not promises. The most important of these in the context 
of electronic commerce is a solicitation of an offer. For 
example, a clothing store advertisement of Brand X suit for 
$150 "today only" does not constitute an offer. The adver- 
tisement is merely an invitation to make an offer. Since the 
store has not specified a quantity nor included any language 
of commitment, an advertisement of this kind is only a
statement of intention to sell or a preliminary proposal 
inviting offers. Similarly, the RFPs discussed above are 
merely solicitations of offers rather than bindable offers. 

An offer may be accepted by any person in whom the 
power of acceptance is created. Because the offeror is the 
master of his offer, he controls the person or persons in
whom a power of acceptance may be created. The identity
of the offerees is determined by the reasonable person test.
Thus, for example, it has been determined that a reward offer
may ordinarily be accepted by anyone who knows of the
offer, but once the offer has been accepted, no one else may
accept. On the other hand, an offer to pay a sum of money
to anyone who is willing to sell an 1869 Morgan Silver
Dollar in M69 condition may be accepted by anyone who
knows of the offer and by any number of persons.
Essentially, the language of the offer determines to whom it
is offered and who may accept it. Thus, by wording an offer



5,794,207

appropriately, it can be directed to a number of persons but
capable of acceptance by only one.

Under the doctrine of consideration, the third of the three
basic elements of contract formation, gratuitous promises
are not enforced. This doctrine does not pose any difficulties
in the context of electronic commerce.

In order judicially to enforce a contract, the Statute of
Frauds requires that a party produce a written copy of it.
However, the rule is only invoked if the contract is of a
certain type, such as a contract for the sale of real property.
The primary purpose of this rule is to obviate perjury. The
result is that oral contracts are often unenforceable.
However, because this often leads to unjust results, courts
are construing it narrowly and policy makers are lobbying
for its repeal.

Electronic Contracting Law and the Current State of the Art

With the advent of new technology, methods of doing
business are rapidly expanding. These new methods challenge
traditional contract principles, which are premised on
personal contact and paper contracts. Thus, some legal
issues in the field of electronic commerce remain unresolved.

One such technology is known as EDI, or electronic data
interchange. It is known that, using EDI, one party can
transfer information and legally relevant "documents" electronically
to another for direct processing in the other party's
information systems.

Most EDI environments involve ongoing relationships
between companies engaged in a supply or similar contract
that extends over time. In current practice, many EDI
exchanges occur under broader contracts regulating the
terms of the relationship between the two parties. These may
be in the nature of requirements or franchise contracts. As
applied directly to the EDI aspects of the relationship, the
agreements are typically described as "trading partner"
agreements. These agreements deal with under what terms,
conditions, and limitations the EDI system will be employed
to make or accept orders and, ideally, to define the legal
consequences of the electronic exchanges between the parties
to the trading agreement. Although this technology may
also be used for isolated or intermittent transactions between
people who have no direct prior dealings, it has not been
used for global/non-personal buyer-driven offers.

EDI has not yet been the subject of much "lawmaking."
The evolution of EDI law has been primarily in commercial
experimentation and model trading partner contract
development, seeking an optimal contract structure for EDI
use. Little reported litigation deals with EDI relationships.
Thus, the legal issues raised by this technology are largely
unresolved.

Despite the uncertainty, when an exchange occurs in a
purely electronic environment, the threshold legal determination
revolves around whether the electronic messages
establish an offer and acceptance given the absence of
documentation and, in the case of EDI, the absence of human
decisions in the automated exchange.

The exchange of electronic messages that offer and accept
a contractual relationship should form a contract with
respect to the specific order. An offer consists of an expression
of a willingness to enter a contract when that expression
occurs in a form sufficiently concrete to establish that
agreement. Under this doctrine, an electronic message may
constitute the necessary expression of intent. Problems exist
where unauthorized people or inaccurate information trigger
an offer from a system. These problems could be solved by
methods of attribution or authentication. Once questions of
attribution are resolved, and subject to considerations about
the Statute of Frauds and the like, no requirement exists in
law that a contract offer be in writing or that there be a
conscious, immediate intent to make a binding commitment.

Contract rules provide that acceptance must be made in
the manner specifically required by the offeror. However, if
no specification of the method for acceptance is made in the
originating offer, acceptance may be in any manner and by
any medium reasonable under the circumstances. Thus,
acceptance by electronic message should be valid.

A further consideration in electronic commerce is the
Statute of Frauds. In transactions involving a sale of goods
for the price of $500 or more, U.C.C. Section 2-201 requires:
(1) a writing; (2) containing a quantity term; (3) sufficient to
indicate that a contract has been made; (4) signed by the
party against whom enforcement is sought. In the EDI
context, this presents problems in reference to the existence
of a "writing" and in the requirement of a "signature" by the
party against whom enforcement is sought. U.C.C. Section
1-201(46) defines "writing" to include "printing, typewriting
or any other intentional reduction to tangible form." The
critical aspect of this definition deals with the reduction of
the agreement to tangible form. The purpose of requiring a
writing to enforce a contract is to ensure some minimum
level of proof of intent and avoid the risk of an entirely
conjectural debate regarding the existence or scope of the
agreement. The sufficiency of an electronic message as a
"writing" under the Statute of Frauds depends on the manner
in which one finds the message stored or produced. Case law
generally supports the idea that a telex or telegram satisfies
the writing requirement, although it may leave unanswered
whether the writing contains a proper signature.

Of course, the writing requirement can be satisfied by
other means. For example, if the electronic agreement is
followed up by a letter or if the system routinely yields
printed output, the requirement should be satisfied. But apart
from a printed output at the receiving point or in a functional
acknowledgment returned after receipt, the enforceability of
a purely electronic contract depends on how the computer
system retains records of the transmitted offer (or
acceptance) and whether a court will accept the idea that
electronic records reduce the message to tangible form.

The Statute of Frauds' signature requirement also leaves
ambiguity about the legality of EDI-generated contracts.
U.C.C. Section 1-201(39) defines "signed" as including any
"symbol executed or adopted by a party with present intention
to authenticate a writing." Authentication here indicates
the signer assents to the writing and adopts it as his own.
As a result, an arrangement in which the transmitting party
includes otherwise not routine or required elements, codes
or other indicia to confirm the authenticity of the message
should satisfy the signature requirement. Ordinary EDI
practice often requires such authentication code or symbol
as a matter of course to maintain the security of the system
itself, and this also seems to satisfy the Statute of Frauds
problem.

Indeed, authentication systems have been developed specifically
to ensure the enforceability of electronic contracts.
One such method of authenticating electronic contracts in
order to make them legally enforceable is disclosed in U.S.
Pat. No. 5,191,613. That system utilizes, among other
techniques, digital signatures to authenticate electronic contracts.

As discussed above, attribution via authentication is
extremely important to creating binding contracts in a buyer-driven
system of electronic commerce involving global
posting of purchase offers — it is essential to the signature
requirement of the Statute of Frauds. Authentication may
become even more important in the future, if proposed
U.C.C. revisions are implemented. For example, Proposed
U.C.C. Section 2-212 states that an electronically formed
contract is legally binding if the message is authenticated by
a procedure previously agreed to by the parties.

Moreover, a bilateral buyer-driven system of commerce 
which authenticates the terms and conditions of buyer offers 
will be more likely to attract the attention of potential sellers, 
because they are assured of the legitimacy of the offer. 

There is also a need for a third party to administer such a
bilateral buyer-driven system. The third party can serve as a 
trusted arbitrator available to resolve contract disputes 
between the parties and thereby increase buyer and seller 
confidence in the system. Additionally, the third party can 
establish standard protocols, formats, terms and language to 
be used in buyer offers and thus make it easier for sellers to 
understand and assess individual offers. Finally, the third 
party can administer a site on the Internet where buyers can 
post their purchase offers and sellers can go to review the 
posted offers. Having all offers in a centralized location 
makes it easier for sellers to search for relevant purchase 
offers. 

The applicant is unaware of the existence of any 
commercially-viable bilateral buyer-driven commerce system
which contains the above features and addresses the
above-described shortcomings in the prior art. Therefore, it
is one object of the present invention to set forth a system of
bilateral buyer-driven electronic commerce that offers the
capability for individual buyers to issue authenticatable
messages which contain the terms of a purchase offer and
publish that purchase offer globally to potential sellers. 

Another object of the present invention is to allow a seller 
who meets the terms of the purchase offer to bind the buyer 
to accept the seller's fulfillment of that offer.

Yet another object of the present invention is to allow the
seller to be able to collect funds immediately upon his
acceptance of the buyer's terms as set forth in the purchase

It is a further object of the present invention to allow for
a trusted third-party administrator whose decision regarding 
the fulfillment, adequacy or interpretation of any aspect of 
the process shall be binding on the parties. 

It is another object of the present invention to allow the
seller to receive part of his payment upon agreeing to the 
buyer's purchase offer, and a subsequent payment upon 
delivery of the goods or services called for in the buyer's 
purchase offer. 

It is yet another object of the present invention to allow
either buyers or sellers to remain anonymous up until such 
time as an agreement is consummated and for buyers to 
remain anonymous even after the agreement is consum- 
mated by using the trusted third-party as a relay system for 
delivery of goods or services called for by the buyer's 
purchase offer. 

A further object of the present invention is to ensure that 
buyers using the inventive system are not inundated with 
inquiries or acceptances from unqualified sellers. 

Yet a further object of the invention is to provide a system 
in which the identity of the buyer is authenticated along with 
the integrity of the buyer's purchase offer. 

Another object of the invention is to provide a system in 
which the identity of the seller is authenticated in order to 
determine the seller's capacity to satisfy the conditions of
the purchase offer. 

It is another object of the present invention to allow sellers 
to submit authenticatable counteroffers to the buyer. 
Yet another object of the present invention is that such
counteroffers may allow the buyer to bind the seller to the 
counteroffer, subject to the authenticatable terms of that 
counteroffer. 

It is a further object of the present invention to allow for 
delivery of digitally-based products such as certificates of 
insurance from the seller to the buyer according to the terms 
of the buyer's purchase offer and the cryptographic valida- 
tion of such delivery. 

It is another object of the present invention to allow for 
purchase offers where more than one seller may bind the 
buyer to the purchase offer. 

Another object of the present invention is to show how all 
or part of the system can be practiced using non-electronic
means such as printed media or advertisements in newspapers.

These and other objects of the invention will be apparent 
to those skilled in the art from the following detailed 
description of the invention, the accompanying drawings 
and the appended claims.

SUMMARY OF THE INVENTION

In a preferred embodiment, the present invention provides
a method and apparatus for prospective buyers of goods or
services to communicate a binding purchase offer globally to
potential sellers, for sellers conveniently to search for relevant
buyer purchase offers, and for sellers to bind a buyer
to a contract based on the buyer's purchase offer.
Additionally, the present invention can effectuate performance
of the agreement between the buyer and seller by
guaranteeing buyer payment for the purchase. The present
invention is therefore a highly effective bilateral buyer-driven
commerce system which improves the ability of
buyers to reach sellers capable of satisfying the buyers'
purchasing needs and improves sellers' ability to identify
interested buyers.

In one embodiment of this invention, communications 
between buyers and sellers are conducted using an electronic 
network and central controller. A buyer who wishes to make
a purchase accesses the central controller located at a remote
server. The buyer will then create a conditional purchase
offer ("CPO") by specifying the subject of the goods he
wishes to purchase, a description of the goods he wishes to
obtain, and any other conditions the buyer requires. For
example, a typical CPO could specify that the buyer wants
to purchase a block of four airline tickets from Chicago's
O'Hare Airport to Dallas, Tex., the tickets must be from any
of the six largest U.S. carriers, the buyer is willing to change
planes no more than once so long as the scheduled layover
is less than two hours, and the buyer is willing to pay $180
per ticket, plus any applicable taxes.

The buyer then attaches a user identification to the CPO 
and transmits the CPO to the central controller. Under the 
present invention, the CPO may be transmitted via numerous
means including a world-wide-web interface, electronic
mail, voice mail, facsimile, or postal mail. Standard legal
provisions and language are then integrated with the CPO to
"fill in the gaps" of the buyer's purchase offer. Alternatively,
the CPO may be developed while the buyer is on-line with
the central controller.

Before communicating the CPO to potential sellers, the central controller authenticates the buyer's identification number against a buyer database. The central controller may require that the buyer provide a credit card number and may also ensure that the buyer has sufficient credit available to cover the purchase price specified in the CPO by contacting the credit card clearinghouse. The central controller then assigns a unique tracking number to the CPO and globally displays the CPO in a manner such that it is available to be viewed by any interested potential sellers. CPOs may be displayed by subject category to make it easier for potential sellers to identify relevant CPOs. Thus, a seller could log onto a website, for example, and see a listing of CPO subject categories. The seller could then choose a particular subject and have the ability to browse CPOs which correspond to that subject category. In one embodiment, the seller may be required to provide qualifications in order to view the CPOs of a given subject category. 

If, after reviewing a particular CPO, a potential seller wishes to accept the CPO, the seller communicates his intent to the central controller. The central controller then timestamps the message from the seller and authenticates the identity of the seller and his capacity to deliver the goods sought by the buyer. The system then verifies that the particular CPO is still "active" and capable of being accepted. If a CPO is capable of being accepted only by one seller, it is "completed" when the first qualified seller accepts it. Subsequent sellers will not be able to accept a "completed" CPO. If a seller accepts an active CPO, a unique tracking number is assigned to the seller's acceptance. The acceptance is then stored in a database. The buyer and seller are now parties to a legally binding contract. 

In another embodiment, the central controller manages the payment system between the buyer and seller automatically. Various methods of payment may be utilized by the invention, including credit cards, personal checks, electronic funds transfer, debit cards, and digital cash. The payment system may also involve the use of an escrow account associated with the buyer wherein funds advanced by the buyer to cover the purchase of a desired good can be kept pending acceptance by a qualified seller. Moreover, the timing of payment to the seller can be varied. The seller can be paid immediately after the seller accepts the CPO or payment can be delayed until after the seller performs his obligations under the contract. 

In yet another embodiment of the present invention, a seller is given the option to respond to a CPO by issuing a binding counteroffer with conditions different from the original CPO. The seller transmits the counteroffer to the central controller which then forwards the counteroffer to the buyer. The buyer is then given the option of accepting the counteroffer and thereby binding the seller to a contract. 

The present invention can also be practiced in off-line embodiments. Instead of using electronic mail or web-based servers, buyers and sellers may communicate with the central controller via telephone, facsimile, postal mail, or another off-line communication tool. For example, buyers may use telephones to create CPOs (with or without the assistance of live agents) and potential sellers may use a telephone to browse and bind CPOs. 

In another on-line embodiment, cryptographic protocols are used to authenticate the identity of buyers and/or sellers and verify the integrity of buyer and seller communications with the central controller. Using cryptography and biometrics, the central controller can make it significantly more difficult for unauthorized persons to tamper with the system by passing themselves off as legitimate buyers or sellers or eavesdropping on system communications. 

Anonymity is another advantage of the present invention. For numerous privacy and competitive reasons, buyers and sellers often prefer not to have their identities revealed to the general public when engaging in commercial transactions. The present invention effectuates the anonymity of buyers and sellers through the use of identification numbers stored in a database secured by the central controller. 

One embodiment of the present invention divides the functionality of the central controller into three components and embodies them in three separate servers: an operations server, a trusted server, and a bonding agency. The trusted server authenticates the identity of buyers and sellers while the bonding agency verifies their ability to pay or deliver goods. The operations server posts the CPO, relying upon messages from the other two servers for validation. This configuration allows for greater specialization of the servers. 

Another embodiment of the present invention does not require a transfer of money from a buyer to a seller. Instead, the system may be used to consummate a contract involving an exchange of goods, services, or other non-monetary consideration. 

Finally, an embodiment of the present invention includes a mechanism for resolving disputes between buyers and sellers [...] of agreements consummated using the system. The parties may be required in CPOs to stipulate to binding arbitration and may be assisted in the arbitration process by the central controller. The central controller may serve as an arbitrator or may refer the dispute to a third-party arbitrator for resolution. 

[...] accomplishes, which no previous system has done before, is literally to hang buyer money on a "clothesline" for sellers to see. Attached to the money is a note describing what the seller has to agree to do [...] take the money down off the clothesline. There [...] uncertainty or waste of time on the part of the seller. He knows that if he can meet the conditions set forth by the buyer, he [...] immediately close the sale and get paid for it. [...] hassles. No negotiations. 

[...] invention also allows buyers to reach a large number [...] be able to provide [...] buyer desires. For instance, [...] be the case for a car buyer who could precisely define the car and option packages he wanted for a specified price. The present invention allows such a buyer to issue a binding purchase offer which is globally communicated to authorized dealers in the U.S. Any one of those dealers could then decide whether or not to accept the offer. The buyer's advantage is particularly significant when the sellers of products sought by the buyer have no inventory carrying costs, as is the case with insurance sales. Insurance buyers could use the present invention to cast a wide net to reach thousands of potential insurance sellers and potentially find a seller willing to satisfy the buyer's specified purchase conditions. 

It is a goal of the present invention to provide a robust system which matches buyers' requirements with sellers capable of satisfying those requirements. The invention provides a global bilateral buyer-driven system for creating binding contracts incorporating various methods of communication, commerce and security for the buyer and the seller. The power of a central controller to field binding offers from buyers, communicate those offers globally in a format which can be efficiently accessed and analyzed by potential sellers, effectuate performance of resulting contracts, resolve disputes arising from those contracts, [...] billing, collection, authentication, and anonymity makes the present invention an improvement over conventional systems. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 illustrates a first embodiment of the present invention. 

FIG. 2 is a block diagram showing one embodiment of the central controller. 

FIG. 3 is a block diagram showing one embodiment of the seller interface. 

FIG. 4 is a block diagram showing one embodiment of the buyer interface. 

FIG. 5 illustrates an embodiment showing how a conditional purchase offer is generated. 

FIG. 6 illustrates an embodiment showing the acceptance of a conditional purchase offer by the central controller. 

FIG. 7 illustrates an embodiment showing the activation of a conditional purchase offer. 

FIG. 8 illustrates one embodiment of the maintenance of active conditional purchase offers. 

FIG. 9 illustrates an embodiment showing the seller selecting a conditional purchase offer. 

FIGS. 10 and 11 illustrate an embodiment showing the binding of a conditional purchase offer. 

FIG. 12 illustrates an exemplary procedure for exchanging goods and payment between buyer and seller. 

FIG. 13 illustrates an exemplary payment method. 

FIGS. 14 through 17 illustrate an exemplary authentication procedure using cryptographic protocols. 

FIGS. 18 and 19 illustrate an exemplary embodiment for counteroffers by a seller. 

FIG. 20 illustrates an embodiment showing the use of a trusted server and a bonding agency. 

The method and apparatus of the present invention will now be discussed with reference to FIGS. 1, 2, 3, and 4. In a preferred embodiment, the present invention includes central controller 200, seller interface 300, buyer interface 400, and associated databases. The present invention receives conditional purchase offers from buyers, makes them available for viewing by potential sellers, and allows sellers to bind them. Thus, a buyer is able to communicate his commitment to follow through on an offer to a seller, giving the seller confidence that if he can produce the goods, the buyer has the ready capacity to pay. 

System Architecture 

The system architecture of a first embodiment of the apparatus and method of the present invention is illustrated with reference to FIGS. 1 through 4. As shown in FIG. 1, the apparatus of the present invention comprises seller interface 300, central controller 200, and buyer interface 400 (collectively the "nodes"). Each node is connected via an Internet connection using a public switched phone network, such as those provided by a local or regional telephone operating company. Connection may also be provided by dedicated data lines, cellular, Personal Communication Systems ("PCS"), microwave, or satellite networks. Seller interface 300 and buyer interface 400 are the input and output gateways for communications with central controller 200. 

Using the above components, the present invention provides a method and apparatus to post conditional purchase offers, make them available to potential sellers, and allow sellers to bind the offers to form a legally binding contract. 

As shown in FIG. 2, central controller 200 includes central processor (CPU) 205, cryptographic processor 210, RAM 215, ROM 220, payment processor 230, clock 235, operating system 240, network interface 245, and data storage device 250. 

A conventional personal computer or computer workstation with sufficient memory and processing capability may be used as central controller 200. In one embodiment it operates as a web server, both receiving and transmitting CPOs 100 generated by buyers. Central controller 200 must be capable of high volume transaction processing, performing a significant number of mathematical calculations in processing communications and database searches. A Pentium microprocessor such as the 100 MHz P54C, commonly manufactured by Intel Inc., may be used for CPU 205. This processor employs a 32-bit architecture. Equivalent processors include the Motorola 120 MHz PowerPC 604 or Sun Microsystems 166 MHz UltraSPARC-I. 

An MC68HC16 microcontroller, commonly manufactured by Motorola Inc., may be used for cryptographic processor 210. Equivalent processors may also be used. This microcontroller utilizes a 16-bit multiply-and-accumulate instruction in the 16 MHz configuration and requires less than one second to perform a 512-bit RSA private key operation. Cryptographic processor 210 supports the authentication of communications from both buyers and sellers, as well as allowing for anonymous transactions. Cryptographic processor 210 may also be configured as part of CPU 205. Other commercially available specialized cryptographic processors include VLSI Technology's 33 MHz 6868 or Semaphore Communications' 40 MHz Roadrunner284. 

Referring again to FIG. 2, payment processor 230 comprises one or more conventional microprocessors (such as [...]), supporting the transfer and exchange of payments, charges, or debits, attendant to the method of the apparatus. Payment processor 230 may also be configured as part of CPU 205. Processing of credit card transactions by payment processor 230 may be supported with commercially available software, such as the Secure Webserver manufactured by Open Market, Inc. This server software transmits credit card numbers electronically over the Internet to servers located at the Open Market headquarters where card verification and processing is handled. Their Integrated Commerce Service provides back-office services necessary to run Web-based businesses. Services include on-line account statements, order-taking and credit card payment authorization, credit card settlement, automated sales tax calculations, digital receipt generation, account-based purchase tracking, and payment aggregation for low-priced services. 

Data storage device 250 may include hard disk magnetic or optical storage units, as well as CD-ROM drives or flash memory. Data storage device 250 contains databases used in the processing of transactions in the present invention, including buyer database 255, seller database 260, CPO database 265, counteroffer database 267, seller response database 270, purchase confirmation database 275, contract detail database 280, payment database 285, cryptographic key database 290, and audit database 295. In a preferred embodiment database software such as Oracle7, manufactured by Oracle Corporation, is used to create and manage these databases. Data storage device 250 also stores information pertaining to buyer account 297, seller account 298, and escrow account 299. 
Buyer database 255 maintains data on buyers with fields 
such as name, address, credit card number, phone number, 
ID number, social security number, electronic mail address, 
credit history, past system usage, public/private key 
information, etc. This information is obtained when the 
buyer first registers with the system, or immediately prior to 
posting his first CPO 100. Buyer database 255 also contains 
the tracking number of each CPO 100 generated by the 
buyer, and the tracking number of each seller response 110 
and counteroffer 140 directed to the buyer's CPOs 100. 

Seller database 260 maintains data on sellers with fields 
such as name, contact information, public/private key 
information, payment preferences, type of business, and 
goods sold. Contact information comprises a phone number, 
web page URL, bulletin board address, pager number, 
telephone number, electronic mail address, voice mail 
address, facsimile number, or any other way to contact the 
seller. Upon registration, the seller may be required to 
demonstrate evidence of ability to deliver on bound CPOs 
100. An airline, for example, might submit a listing of the 
city pairs they service so that central controller 200 can 
quickly determine whether the airline is capable of satisfy- 
ing a given CPO 100. 

CPO database 265 tracks all CPOs 100 with fields such as 
status, tracking number, date, time, subject, price, expiration 
date, conditions, and buyer identification number. This data- 
base is valuable in the event of disputes between buyers and 
sellers regarding payment, because details of the contract 
can be produced. CPO database 265 may also store bond 
certificate 172. 

Counteroffer database 267 tracks all counteroffers 140. 
The structure of this database is identical to CPO database 
265, except for the addition of a field for CPO tracking 
number which allows counteroffer 140 to be correlated with 
a particular CPO 100. 

Seller response database 270 tracks all seller responses 
110 with fields such as seller name, seller ID number, date, 
time, seller response tracking number, and associated CPO 
tracking number. 

Purchase confirmation database 275 tracks the messages 
sent to the buyer and seller confirming completed transac- 
tions (bound contracts). Fields include buyer name, buyer ID 
number, seller name, seller ID number, purchase confirma- 
tion tracking number, and associated CPO tracking number. 

Contract detail database 280 contains form background 
provisions for inclusion in CPOs 100. These form provisions 
effectively fill the gaps between conditions specified by the 
buyer, specifying the generic contract details common to 
most CPOs 100. 

Payment database 285 tracks all payments made by the 
buyers with fields such as buyer name, buyer ID number, 
amount of payment, and associated CPO tracking number. 
This database may also store credit card numbers of buyers. 

Cryptographic key database 290 facilitates cryptographic 
functions, storing both symmetric and asymmetric keys. 
These keys are used by cryptographic processor 210 for 
encrypting and decrypting CPOs 100, seller responses 110, 
purchase confirmations 120, counteroffers 140, and buyer 
responses 150. 

Audit database 295 stores transactional information relat- 
ing to the posting of CPOs 100, allowing it to be retrieved 
for later analysis. 

Buyer account 297 tracks all information pertaining to the 
buyer's account with fields such as buyer's name, bank and 
credit account numbers, and debit or credit transactions. 
This account may be a pointer to account data stored at the 
buyer's bank. 
Seller account 298 tracks all information pertaining to the 
seller's account with fields such as seller's name, bank and 
credit account numbers, and debit or credit transactions. 
Buyer payments for CPOs 100 may be sent to this account. 
Escrow account 299 is an account which temporarily 
holds buyer funds before they are placed in seller account 
298. 

Network interface 245 is the gateway to communicate 
with buyers and sellers through respective buyer interface 
400 and seller interface 300. Conventional internal or exter- 
nal modems may serve as network interface 245. Network 
interface 245 supports modems at a range of baud rates from 
1200 upward, but may combine such inputs into a T1 or T3 
line if more bandwidth is required. In a preferred 
embodiment, network interface 245 is connected with the 
Internet and/or any of the commercial on-line services such 
as America Online, CompuServe, or Prodigy, allowing buy- 
ers and sellers access from a wide range of on-line connec- 
tions. Several commercial electronic mail servers include 
the above functionality. NCD Software manufactures 
"Post.Office," a secure server-based electronic mail software 
package designed to link people and information over enter- 
prise networks and the Internet. The product is platform 
independent and utilizes open standards based on Internet 
protocols. Users can exchange messages with enclosures 
such as files, graphics, video and audio. The system also 
supports multiple languages. Alternatively, network inter- 
face 245 may be configured as a voice mail interface, web 
site, BBS, or electronic mail address. 

While the above embodiment describes a single computer 
acting as central controller 200, those skilled in the art will 
realize that the functionality can be distributed over a 
plurality of computers. In one embodiment, central control- 
ler 200 is configured in a distributed architecture, wherein 
the databases and processors are housed in separate units or 
locations. Some controllers perform the primary processing 
functions and contain at a minimum RAM, ROM, and a 
general processor. Each of these controllers is attached to a 
WAN hub which serves as the primary communication link 
with the other controllers and interface devices. The WAN 
hub may have minimal processing capability itself, serving 
primarily as a communications router. Those skilled in the 
art will appreciate that an almost unlimited number of 
controllers may be supported. This arrangement yields a 
more dynamic and flexible system, less prone to catastrophic 
hardware failures affecting the entire system. The trusted 
server embodiment provides more details of such a distrib- 
uted environment, describing operations server 160, trusted 
server 165, and bonding agency 170. The hardware of these 
servers would be configured similarly to that described for 
central controller 200. 

FIGS. 3 and 4 describe seller interface 300 and buyer 
interface 400, respectively. In an exemplary embodiment 
they are both conventional personal computers having an 
input device, such as a keyboard, mouse, or conventional 
voice recognition software package; a display device, such 
as a video monitor; a processing device such as a CPU; and 
a network interface such as a modem. These devices inter- 
face with central controller 200. Alternatively, seller inter- 
face 300 and buyer interface 400 may also be voice mail 
systems, or other electronic or voice communications sys- 
tems. As will be described further in the following 
embodiments, devices such as fax machines or pagers are 
also suitable interface devices. 

Referring now to FIG. 3, there is described seller interface 
300 which includes central processor (CPU) 305, RAM 315, 
ROM 320, clock 335, video driver 325, video monitor 330, 
communication port 340, input device 345, modem 350, and 
data storage device 360. Cryptographic processor 335 and 
biometric device 355 may be added for stronger authenti- 
cation as described later. A Pentium microprocessor such as 
the 100 MHz P54C described above may be used for CPU 
305. Clock 335 is a standard chip-based clock which can 
serve to timestamp seller response 110 or counteroffer 140 
produced with seller interface 300. 

Modem 350 may not require high-speed data transfer if 
most seller responses 110 and counteroffers 140 produced 
are text-based and not too long. If a cryptographic processor 
is required, the MC68HC16 microcontroller described 
above is used. The structure of biometric device 355 will be 
described below in conjunction with the cryptographic 
authentication embodiment. 

Data storage device 360 is a conventional magnetic-based 
hard disk storage unit such as those manufactured by Conner 
Peripherals. Message database 370 may be used for 
archiving seller responses 110 and counteroffers 140, while 
audit database 380 may be used for recording payment 
records and communications with central controller 200. 

Referring now to FIG. 4, there is described buyer inter- 
face 400 which includes central processor (CPU) 405, RAM 
415, ROM 420, clock 435, video driver 425, video monitor 
430, cryptographic processor 435, communication port 440, 
input device 445, modem 450, and data storage device 460. 
All of these components may be identical to those described 
in FIG. 3. 

There are many commercial software applications that 
can enable the communications required by seller interface 
300 or buyer interface 400, the primary functionality being 
message creation and transmission. Eudora Pro manufac- 
tured by Qualcomm Incorporated, for example, provides 
editing tools for the creation of messages as well as the 
communications tools to route the message to the appropri- 
ate electronic address. When central controller 200 is con- 
figured as a web server, conventional communications soft- 
ware such as the Netscape Navigator web browser from 
Netscape Corporation may also be used. The buyer and 
seller may use the Netscape Navigator browser to transmit 
CPO 100, seller response 110 or counteroffers 140. No 
proprietary software is required. 

Online Embodiment 

In one embodiment of the present invention, communi- 
cations between buyers and sellers take place via electronic 
networks, with central controller 200 acting as a web server. 
The buyer logs on to central controller 200, creates CPO 
100, and then disconnects from the network. CPO 100 is 
made available to potential buyers by posting CPO 100 on 
the web page of central controller 200. Periodic maintenance 
is performed by central controller 200 to ensure that active 
CPOs 100 have not expired, and that the buyer has sufficient 
credit available to pay a seller who elects to bind CPO 100. 
Seller responses 110 are transmitted electronically to central 
controller 200 which contacts the buyer to indicate that CPO 
100 has been bound. Central controller 200 transfers credit 
card information to the seller as soon as CPO 100 is bound. 

With reference to FIG. 5, there is described the process by 
which the buyer formulates CPO 100. At step 500, the buyer 
logs on to central controller 200 using buyer modem 450 of 
buyer interface 400, establishing a communication link. It 
should be noted that the buyer may be an individual, a 
corporation, a partnership, a government, or any other entity. 
In one embodiment, central controller 200 has a page on the 
world wide web, allowing the buyer to provide information 
through the interface of conventional web browser software 
such as Netscape Navigator, manufactured by Netscape, Inc. 
At step 510, the buyer selects the subject of the goods he 
wants to purchase by selecting from a list of possible 
subjects. As shown in box 515, subjects might include 
airline tickets, hotel rooms, rental cars, insurance, 
mortgages, clothing, etc. After the subject is selected, a form 
is displayed on video monitor 430 of buyer interface 400. 
This form is an electronic contract with a number of blanks 
to be filled out by the buyer, with each blank representing a 
condition of CPO 100. 

At step 520, the buyer enters a description of the goods. 
A business traveler, for example, might want to fly from San 
Francisco to New York. The description of the goods might 
be two first class round-trip tickets between those city pairs, 
leaving May 7 and returning May 12. There would be a place 
on the form for originating city, destination city, date of 
departure, date of return, number of tickets, class of service, 
etc. The buyer simply fills in the blanks. The buyer then adds 
other conditions at step 530. The buyer, for example, may 
only want a nonstop ticket on a flight arriving at the 
destination city before midnight. These conditions would be 
similarly entered into CPO 100. As indicated in box 535, 
conditions could include the provision that a flight must 
arrive before midnight, a hotel room must be non-smoking, 
or a rental car must not be a compact. Conditions are the 
terms of CPO 100, allowing the buyer to tailor CPO 100 for 
his specific needs. Conditions may also be based on other 
conditions. For example, one condition might state that four 
out of five other specified conditions must be met. 
Alternatively, each condition of CPO 100 could be given a 
point value, with CPO 100 requiring only that conditions be 
satisfied up to a certain total point value. For example, the 
buyer may indicate that a window seat is worth two points, 
an aisle seat one point, a nonstop flight four points, etc. CPO 
100 could require that ten "points" must be met in order to 
satisfy the conditions of CPO 100. Conditions could also 
indicate that for twenty-four hours following the first 
attempted binding of CPO 100, other sellers may make 
offers to bind, with the original binding seller completing the 
contract only if no better offer has been received. Conditions 
could even be based on external events. For example, the 
buyer could create CPO 100 which offered to buy airline 
tickets only in the event that it was snowing in November in 
the destination city. 
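The "four out of five" and point-value rules described above can be checked mechanically against a seller's response. The following is an added example, not code from the patent: the field names (`seat`, `stops`, `arrival_day_offset`, `cabin`), the sample offers, and the point values for "arrives before midnight" and "first class" are assumptions; the window, aisle and nonstop values are the ones given in the text. A condition whose field is missing or malformed counts as unmet, so an incomplete seller response can never bind the buyer by default.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Optional

Offer = Dict[str, Any]  # fields of a seller response (field names are assumptions)


@dataclass(frozen=True)
class Condition:
    name: str
    test: Callable[[Offer], bool]
    points: int = 0


@dataclass(frozen=True)
class Result:
    satisfied: bool
    met: List[str]
    points: int


def holds(cond: Condition, offer: Offer) -> bool:
    """Fail closed: a missing or malformed field means the condition is unmet."""
    try:
        return cond.test(offer) is True
    except (KeyError, TypeError, ValueError):
        return False


def evaluate(conditions: List[Condition], offer: Offer,
             min_met: Optional[int] = None,
             min_points: Optional[int] = None) -> Result:
    """Apply a k-of-n rule (min_met), a point threshold (min_points), or both."""
    if min_met is None and min_points is None:
        raise ValueError("a CPO needs at least one acceptance threshold")
    met = [c for c in conditions if holds(c, offer)]
    points = sum(c.points for c in met)
    ok = ((min_met is None or len(met) >= min_met)
          and (min_points is None or points >= min_points))
    return Result(ok, [c.name for c in met], points)


# Point values: window/aisle/nonstop are from the text, the other two are constructed.
CONDITIONS = [
    Condition("window seat", lambda o: o["seat"] == "window", 2),
    Condition("aisle seat", lambda o: o["seat"] == "aisle", 1),
    Condition("nonstop flight", lambda o: o["stops"] == 0, 4),
    Condition("arrives before midnight", lambda o: o["arrival_day_offset"] == 0, 3),
    Condition("first class", lambda o: o["cabin"] == "first", 2),
]

# Constructed seller responses.
OFFER_A = {"seat": "window", "stops": 0, "arrival_day_offset": 0, "cabin": "first"}
OFFER_B = {"seat": "aisle", "stops": 0, "arrival_day_offset": 0, "cabin": "coach"}
OFFER_C = {"seat": "window", "arrival_day_offset": 0, "cabin": "first"}  # no "stops"

if __name__ == "__main__":
    for label, offer in (("A", OFFER_A), ("B", OFFER_B), ("C", OFFER_C)):
        print(label, "ten points:", evaluate(CONDITIONS, offer, min_points=10))
        print(label, "4 of 5:    ", evaluate(CONDITIONS, offer, min_met=4))
```
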

At step 540, the buyer adds an expiration date to CPO 
100, if desired. This allows a buyer to post CPO 100 without 
worrying that he will later be bound after his needs have 
changed. At step 550, the buyer enters a price. In a CPO 100 
for a rental car, for example, the buyer may enter a price of 
fifty dollars for a three day rental. At step 560, the buyer 
attaches his name or a unique user ID number to CPO 100. 
This ID number is received from central controller 200 when 
the buyer registers for the service, or is chosen by the buyer 
and then registered with central controller 200 by phone. 
Central controller 200 maintains a database of buyer ID 
numbers in buyer database 255, and issues (or allows) only 
unique numbers. If less security is required, the user's 
telephone number could serve as the ID number since it has 
the advantages of being both unique and easily remembered. 
If additional security is required, those procedures described 
in the cryptographic embodiment may be implemented. 

Once the above elements have been developed, the buyer transmits them to central controller 200 at step 570. The buyer does this by clicking on a "send" button located on the screen in which he entered the terms of CPO 100. At step 580, boilerplate legal language is added to the components of CPO 100 to form a complete CPO 100. The legal language is pulled from contract detail database 280 which stores a plurality of paragraphs. These paragraphs are linked together with the above contract elements to form a complete CPO 100. The only element missing which prevents CPO 100 from being recognized as a legitimate contract is the name and signature of the seller. 

Instead of a world wide web-based interface, buyers may also transmit CPO 100 data via electronic mail, voice mail, facsimile, or postal mail transmissions. With voice mail, the buyer calls central controller 200 and leaves CPO 100 in audio form. These CPOs 100 may be transcribed into digital text at central controller 200, or made available to potential sellers in the same audio format. In a postal mail embodiment, central controller 200 acts more like a router, directing CPOs 100 to the potential sellers, creating multiple copies of CPO 100 if necessary. CPO 100 may also be posted to bulletin boards or web pages operated by central controller 200. Central controller 200 supports a plurality of transmission methods, allowing for a wide variety of formats of CPOs 100. Some formats may be changed, however, before further processing by central controller 200. CPOs 100 transmitted by mail in paper form, for example, may be scanned-in and digitized, using optical character recognition software to create digital text. These embodiments are more fully described in the off-line embodiment described later. 

Referring now to FIG. 6, CPO 100 is received and checked to see that sufficient credit is available to cover the stated price of CPO 100, before CPO 100 is made available to potential sellers. At step 600, central controller 200 extracts price and expiration date information from CPO 100. At step 610, payment processor 230 submits a pre-authorization of the price of CPO 100 to the credit card clearinghouse. This serves to "lock up" a portion of the available credit on the buyer's credit card, preventing him from using up this credit while CPO 100 is still active. At step 620, the credit card clearinghouse responds to the pre-authorization, indicating whether sufficient credit is available. If sufficient funds are not available to cover the price of CPO 100, another credit card number is requested from the buyer at step 630. Once an additional credit card number has been transmitted, central controller 200 then resubmits the pre-authorization at step 610. At step 640, the expiration date of CPO 100 is checked to see if it has already expired. If it has expired, CPO 100 is rejected at step 650 and returned to the buyer. If CPO 100 has not yet expired, it is accepted at step 660. 

Referring now to FIG. 7, there is illustrated an embodiment in which CPO 100 is activated and made available to potential sellers. At step 700, a unique tracking number is added to CPO 100. Central controller timestamps CPO 100 

all CPO 100s must be written in, or translating to the language most appropriate for the sellers to which it will be sent. This translation is provided by language experts at central controller 200, or by automatic translation software such as Systran Professional, manufactured by Systran Software. Twelve bi-directional language combinations are available, including English to/from French, Italian, German, Spanish, Portuguese, and Japanese. Another step, if necessary, is to edit for spelling or grammatical errors. CPO 100 might also be reviewed for clarity. Any CPO 100 with an unclear term or condition would be returned to the buyer for clarification. A buyer listing a destination city of "Chiisago" might have CPO 100 returned for clarification or correction. 

Referring again to FIG. 7, the status of the database record for CPO 100 is set to "active" at step 730. At step 740, the subject of CPO 100 is extracted from the subject field. At step 750, CPO 100 is posted in an appropriate subject area. This allows central controller 200 to display CPO 100 only to the most appropriate sellers. In a world wide web environment, central controller 200 has a web page for each possible subject area. Thus all CPOs 100 requesting airline tickets would be displayed on the airline ticket web page. This makes it much easier for potential sellers to find appropriate CPOs 100 they might want to bind as they can go right to the subject whose goods they can provide. In an alternative embodiment, CPO 100 is electronically mailed to potential sellers, either individually or in groups. Potential sellers could elect to receive all CPOs 100, only those CPOs 100 in their subject area, or a subset of CPOs 100 representing a particular condition. For example, a car rental company might request that all car rental CPOs 100 for luxury cars be sent to them. 

In an embodiment in which CPOs 100 are being transmitted to the seller, it is important to note that there are a number of hardware options for seller interface 300. Suitable seller interfaces 300 include fax machines, PDAs with wireless connections, and beepers or pagers. For example, a rare coin dealer could instruct central controller 200 to beep him whenever CPO 100 appeared for Morgan Silver Dollars, providing details of CPO 100 over the beeper network, or informing the seller to log on to central controller 200 for further details. 

Referring now to FIG. 8, there is illustrated a procedure for the maintenance of CPOs 100. At step 800, central controller 200 searches CPO database 265. At step 810, the expiration date field of each database record of CPO 100 is compared to the current date. If the expiration date of CPO 100 is earlier than the current date, the status of CPO 100 is changed to "expired" at step 820. At step 830, payment processor 230 contacts credit card clearinghouse to verify 

at step 710, and then stores CPO 100 in CPO database 265. that the buyer's credit card is still valid. If the card is not 

CPO database 265 contains a record for each CPO 100, and valid, the status of CPO 100 is changed to "expired" at step 

includes fields such as status, subject, fracking number, 840. The maintenance process is completed at step 850 once 

timestamp, description of goods, price, expiration date, 55 all "active" CPO 100 database records have been examined, 

conditions, and buyer ID number. The status field has values FIG. 9 illustrates the process by which a potential seller 

of "pending," "active." "expired," and "convicted." A status selects CPO 100. At step 900. the potential seller logs onto 

of 'pending" means that the CPO is not currently available central controller 200 using modem 350 of seller interface 

to potential sellers. Either it is still being processed by 300, At step MO, the potential seller selects an appropriate 

central controller 200. or it has been temporarily suspended 60 subject area. For example, a large Chicago hotel that had just 

by the buyer. An "active" CPO 100 is available to potential experienced the cancellation of a block of rooms for a 

sellers and can be bound. An "expired" CPO 100 can no convention might search in the hotel subject area in the 

longer be bound. CPOs 100 which have been bound by a hopes of finding a CPO 100 requesting a room in Chicago 

seller have a status of "completed." on those dates. At step 920. the potential seller browses the 

After being stored at step 720, CPO 100 may go through 65 list of available CPOs 100 (i.e. those with a status of 

a series of processing steps. One step, if necessary, is "active"). CPOs 100 may be listed with minimal details, 

language translation, either creating a standard language that with additional information available only if the potential 
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seOer is interested in binding CPO 100. A hotel CPO 100 
might be listed as "hotel — Sep. 16. 1996 — Chicago — single 
occupancy — $85." Apotential seller wanting more informa- 
tion about CPO 100 may request additional data at step 5M0. 
In one embodiment, each CPO 100 is hyperlinked to a 
separate web page which provides complete details. The 
potential seller elicits on CPO 100 and is immediately 
transferred to the page of supporting detail. This detail might 
include the required type of bed, fitness facilities, and 
restaurants. In another embodiment, CPO 100 is electroni- 
cally transmitted directly to the seller, via electronic mail, 
fax, telephone, beeper, etc. 

FIGS. 10 and 11 illustrate the process by which CPO 100 is bound by a seller. At step 1000, the potential seller selects CPO 100 which he would like to bind, developing seller response 110 which represents his intention to bind. At step 1010, central controller 200 receives seller response 110 from the potential seller. Central controller 200 then timestamps seller response 110 and authenticates the identity of the seller, as well as verifying his probable capacity to deliver the goods. The timestamp allows central controller 200 to determine the first unconditional acceptance to be received. If two seller responses 110 are received within a few seconds of each other, the timestamp allows central controller 200 to decide which was received first. Alternatively, the timestamp may be appended to seller response 110 at the time it is transmitted from seller interface 300, using clock 335 of seller interface 300.

Authentication of the seller's identity involves central controller 200 extracting the seller ID from seller response 110 and looking up the seller's identity in seller database 260. Information in seller database 260 then provides an indication of the seller's ability to deliver the goods. Before a seller can bind CPO 100 for an airline ticket, for example, central controller 200 must authenticate that the seller is an airline. If necessary, central controller 200 may verify that the seller can provide the specific good requested. Rather than just verifying that the seller is an airline, central controller 200 may verify that it serves the city pairs requested by the buyer. In another embodiment, the seller incorporates seller response 110 into CPO 100, signing CPO 100 by adding an indication that the contract is agreed to. This indication could be a digital signature, or could involve adding a symbol or indicia representative of the seller.

Central controller 200 then verifies the status of CPO 100 at step 1030, determining whether or not the status of CPO 100 is "active" at step 1040. If CPO 100 is currently "active," a unique tracking number is added to seller response 110 at step 1060. Central controller 200 then stores seller response 110 in seller response database 270 at step 1070. If the status of CPO 100 is not "active" at step 1040, seller response 110 is refused by central controller 200 and transmitted back to the potential seller at step 1050.

In another embodiment, the seller transmits seller 
response 110 directly to the buyer at step 1010. The buyer 
may then send seller response 110 to central controller 200 
for verification and authentication, or he may choose to 
accept seller response 110 without verification and authen- 
tication. 

In FIG. 11, the payment process is begun at step 1100 when the credit card number and approval code for the selected CPO 100 is transmitted to the seller. At step 1110, CPO 100 is bound, turning CPO 100 into a legally binding contract between the buyer and seller. The binding process requires that the status of CPO 100 be changed to "completed," preventing subsequent sellers from being able to bind CPO 100. The binding process also requires that the seller ID be added to CPO 100. At step 1120, central controller 200 sends purchase confirmation 120 to the seller and then sends it to the buyer at step 1130.

In another embodiment, multiple sellers may bind CPO 100. In this case, CPO 100 may maintain its status of "active" until a given number of sellers have responded, and only then is the status of CPO 100 changed to "completed." For example, a rare coin dealer may post CPO 100 offering a hundred dollars for a specific type of coin. A condition of CPO 100 may state that the offer is open to the first ten sellers to respond, allowing for ten bindable contracts. Another option is to open CPO 100 to any number of bindings, or any number of bindings up to the funds available by the buyer.
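
The status check at step 1040 and the change to "completed" at step 1110 only keep later sellers out if no second seller response can slip in between them. The following sketch is an added illustration, not part of the patent: it performs both steps under one lock and covers the single-seller and "first ten sellers" cases. The class, field and function names are assumptions, and the rule that one seller ID binds a given CPO only once is likewise an assumption.

```python
import threading
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class CPO:
    tracking_number: int
    price_cents: int
    expires_at: datetime
    max_bindings: int = 1      # 1 = ordinary CPO; 10 = "first ten sellers" condition
    status: str = "pending"    # pending | active | expired | completed
    bound_sellers: list = field(default_factory=list)


class CentralController:
    """Hypothetical stand-in for central controller 200 (names are assumptions)."""

    def __init__(self, clock=lambda: datetime.now(timezone.utc)):
        self._clock = clock                  # injectable so tests can fix the time
        self._lock = threading.Lock()        # serializes every status transition
        self.cpo_db = {}                     # stands in for CPO database 265
        self.seller_response_db = []         # stands in for seller response database 270

    def activate(self, cpo):
        """FIG. 7: store the CPO and make it available to sellers."""
        with self._lock:
            cpo.status = "active"
            self.cpo_db[cpo.tracking_number] = cpo

    def maintenance(self):
        """FIG. 8: expire every active CPO whose expiration date has passed."""
        now = self._clock()
        with self._lock:
            for cpo in self.cpo_db.values():
                if cpo.status == "active" and cpo.expires_at < now:
                    cpo.status = "expired"

    def bind(self, tracking_number, seller_id):
        """FIGS. 10-11: timestamp, check status, bind. True if the seller bound."""
        received = self._clock()             # controller-side timestamp (step 1010)
        with self._lock:                     # check and update are one atomic unit
            cpo = self.cpo_db[tracking_number]
            if cpo.status == "active" and cpo.expires_at < received:
                cpo.status = "expired"       # do not wait for the next FIG. 8 pass
            # Assumption: a seller ID may bind a given CPO only once.
            accepted = cpo.status == "active" and seller_id not in cpo.bound_sellers
            if accepted:
                cpo.bound_sellers.append(seller_id)
                if len(cpo.bound_sellers) >= cpo.max_bindings:
                    cpo.status = "completed"  # later sellers are refused (step 1050)
            # Every response is recorded, accepted or not, with its timestamp.
            self.seller_response_db.append(
                (received, seller_id, tracking_number, accepted))
            return accepted


def race_for_cpo(n_sellers, max_bindings=1):
    """Let n_sellers threads respond at once; return (winners, final status)."""
    ctl = CentralController()
    cpo = CPO(1001, 8500, datetime.now(timezone.utc) + timedelta(days=1), max_bindings)
    ctl.activate(cpo)
    results = []
    barrier = threading.Barrier(n_sellers)   # release all sellers together

    def seller(i):
        barrier.wait()
        results.append(ctl.bind(1001, f"seller-{i}"))

    threads = [threading.Thread(target=seller, args=(i,)) for i in range(n_sellers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results), cpo.status


if __name__ == "__main__":
    print(race_for_cpo(30))        # one winner out of thirty
    print(race_for_cpo(30, 10))    # the first ten sellers bind
```

If the status read and the status write were separate database operations with no lock or transaction around them, two responses arriving within the same few seconds could both see "active" and both bind.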

There are many methods by which the providers of the system could derive a revenue stream. In one embodiment, a flat fee is charged for every CPO 100 submitted. There could also be flat fees that would cover any number of CPOs 100 over a given period of time, allowing buyers to subscribe to the service much as they would subscribe to a newspaper. In another embodiment, central controller 200 calculates a discounted value of the price in which sellers receive only a percentage of the price of CPO 100. In another embodiment, advertisers pay to have messages listed along with CPOs 100, supplementing the costs of operating the system. Alternatively, the method and apparatus of the present invention may be employed without a payment feature.

FIG. 12 illustrates the exchange of goods between buyer and seller. At step 1200, the seller transfers the specified goods to the buyer. This transfer could involve the delivery of physical goods as well as digital goods. Physical goods might include cars, jewelry, computer equipment, etc. Digital goods might include documents, tickets, access codes, etc. A hotel, for example, might transfer a confirmation number to the buyer, to be presented upon check-in at the hotel. At step 1210, the buyer examines the delivered goods to see if they meet all conditions and terms of CPO 100. A buyer purchasing a hotel room, for example, would verify that the room was for the correct date and was in the correct city. At step 1220, if the goods do not meet the buyer's conditions as described in CPO 100, the buyer contacts an arbiter at central controller 200 for dispute resolution. This process is described in more detail in the dispute resolution embodiment described later. At step 1240, the transaction is complete.

Payment Preferences 

FIG. 13 illustrates a protocol in which central controller 200 establishes buyer account 297. At step 1300, the buyer selects his preferred method of payment. Preferred methods might include credit cards, personal checks, electronic funds transfer, digital money, etc. At step 1310, the buyer transmits payment data corresponding to his preferred method of payment to central controller 200. As indicated by box 1315, such payment data might include credit card number or bank account number. These payment methods are meant to be merely illustrative, however, as there are many equivalent payment methods commonly known in the art which may also be used. If the buyer wants to pay by credit card, for example, payment data would include his credit card account number, expiration date, name of issuing institution, and credit limit. For electronic funds transfer, payment data includes the name of the buyer's bank and his account number. At step 1320, central controller 200 stores payment data and payment preferences in payment database 285.

At step 1330, central controller 200 establishes buyer account 297 which either stores money transferred by the buyer or serves as a pointer to an account of the buyer outside the system. For buyers using credit cards, for example, buyer account 297 contains the credit card number, expiration date, and name of issuing institution. Buyers could also transfer money to central controller 200 to be stored in buyer account 297, which would operate like a conventional checking account. Central controller 200 would send a check to the seller written on buyer account 297. Alternatively, central controller 200 could electronically move the funds directly from buyer account 297 to seller account 298. At step 1340, central controller 200 contacts the bank or card issuer to confirm that funds are available. A buyer is thus unable to use a credit card with no credit available to establish buyer account 297.

The above protocols may be similarly applied to sellers, 
allowing for the creation of seller account 298. The primary 
difference being that seller account 298 is primarily used for 
deposits, with money flowing from seller to buyer in the case 
of deposit returns or refunds when the buyer does not find 
the received goods acceptable. Verification of funds avail- 
able is therefore not as important for sellers. 

Although the on-line embodiment describes a protocol in which central controller 200 transmits credit card information to the seller for processing, there are of course many payment protocols under which payment may be transferred from buyer to seller. In one embodiment, processing the credit card is performed by central controller 200, not the seller. Central controller 200 looks up the credit card number of the buyer in payment database 285. This credit card number is transmitted to payment processor 230. Payment processor 230 contacts the credit card clearinghouse to get an authorization number. The billable amount appears on the credit card statement of the buyer in his monthly statement. The clearinghouse posts this amount to seller account 298. Central controller 200 updates payment database 285 to indicate that payment has been made. Central controller 200 could also arrange for payment to be made directly between buyer and seller by providing payment information to each party. The buyer, for example, might receive the checking account number of the seller. Account information could also be embedded into CPO 100 and seller response 110, allowing buyer and seller to complete payment once they each had a copy of CPO 100.

Another method of payment involves procedures using digital cash. Central controller 200 looks up the buyer's electronic delivery address in payment database 285. This address is transmitted to payment processor 230, with the digital cash being downloaded from the buyer. Central controller 200 updates payment database 285 to indicate that payment has been made. This address might be an electronic mail address if the digital cash is to be transferred by electronic mail, or it could be an Internet Protocol address capable of accepting an on-line transfer of digital cash. This electronic delivery address is sent to payment processor 230. The digital cash is downloaded to seller account 298 or directly to the seller. Central controller 200 then updates payment database 285 to indicate that payment has been made. Using these digital cash protocols, it is possible for the buyer to include payment along with CPO 100 in electronic form.

The practice of using digital cash protocols to effect payment is well known in the art and need not be described here in detail. For reference, one of ordinary skill in the art may refer to Daniel C. Lynch and Leslie Lundquist, Digital Money, John Wiley & Sons, 1996; or Seth Godin, Presenting Digital Cash, Sams Net Publishing, 1995.

Delayed Payment Embodiment

Although the on-line embodiment describes a protocol in which sellers receive payment immediately upon binding CPO 100, other embodiments may be implemented in which payment is delayed until the goods have been received by the buyer, or delayed until some predetermined date. Partial payments and installment payments are also supported by the system.

Escrow account 299 allows payment to be delayed until the seller completes delivery of the goods, while at the same time ensuring that the buyer will in fact make payment. Central controller 200 establishes escrow account 299 as a temporary holding account. When the seller binds CPO 100 at step 1110, funds are transferred from buyer account 297 to escrow account 299. Only after the goods have been received by the buyer are funds transferred from escrow account 299 to seller account 298. The buyer may transmit a digitally signed release message to central controller 200, authorizing the release of the escrowed funds to the seller.

In another embodiment, the buyer makes a partial payment when CPO 100 is bound, and then completes payment when the goods are received. The fraction of the offered price of CPO 100 to be paid upon binding is a condition of CPO 100 and is stored in payment database 285 when CPO 100 is bound. Central controller releases this portion of the funds at step 1110, and then releases the remaining portion after goods have been delivered at step 1200. The partial payment made upon binding may be non-refundable. This would allow a hotel, for example, to sell hotel room reservations that are cancelable on two days notice, with cancellations within the two day period resulting in forfeiture of deposit.

In yet another embodiment, CPO 100 describes the use of installment payments. The first payment is made when CPO 100 is bound, followed by regular payments as specified in the conditions of CPO 100. The dates at which payments are to be made are stored in payment database 285.

Counteroffer Embodiment

In one embodiment of the present invention, sellers respond to CPO 100 not by binding it, but by making a counteroffer with modified and/or additional conditions. An airline, for example, might view CPO 100 for a first class ticket for five hundred dollars. The airline may be willing to sell for six hundred dollars, and thus want to develop and issue a counteroffer rather than electing to bind CPO 100. This counteroffer is similar to CPO 100 except that the buyer is binding the seller instead of the seller binding the buyer. The counteroffer is also directed to a specific party (the buyer), unlike CPO 100 which may be directed to a plurality of sellers.

FIG. 18 illustrates the development of counteroffer 140. At step 1800, the potential seller selects CPO 100 for which he wants to make a counteroffer. At step 1810, the seller prepares counteroffer 140 with modified conditions. The seller follows the same process that the buyer uses to generate CPO 100 (steps 500 through 580), selecting the conditions of counteroffer 140. Alternatively, the seller is presented with an electronic copy of CPO 100 and is allowed to edit those conditions that the seller wants to change. For example, a car rental company might take the buyer's request for a ten dollar per day luxury car and counteroffer with a twenty dollar per day compact car. At step 1820, the seller attaches the tracking number of CPO 100 to counteroffer 140. Central controller 200 receives counteroffer 140 at step 1830, setting the status to "active." Central controller 200 then adds a unique tracking number to counteroffer 140 at step 1840, and stores it in counteroffer database 267 at step 1850. Central controller 200 extracts the tracking number of CPO 100 attached to counteroffer 140 in order to find the buyer to whom counteroffer 140 is transmitted at step 1860.

FIG. 19 illustrates the process by which the buyer responds to counteroffer 140. At step 1900, the buyer decides whether or not to bind counteroffer 140. If he does not bind, counteroffer 140 is transmitted back to the potential seller at step 1910. If the buyer does decide to bind, buyer response 150 is transmitted to central controller 200 at step 1920. At step 1930, funds are removed from buyer account 297 and placed in seller account 298. At step 1940, the status of counteroffer 140 is changed to "completed." Purchase confirmation 120 is transmitted to the seller at step 1950 and transmitted to the buyer at step 1960. Procedures for the exchange of goods are completed as described in FIG. 12.

Off-line Embodiment 

In one embodiment of the present invention, buyers and 
sellers communicate in an off-line manner with central 
controller 200. Rather than sending electronic mail or using 
web-based servers, buyers and sellers use a telephone, fax 
machine, postal mail, or other off-line communication tool. 

A buyer may use a telephone, for example, to generate CPO 100. The buyer calls central controller 200 and is connected with an agent. The buyer provides the terms of CPO 100 such as subject, description of goods, conditions, expiration date, price, etc. The buyer also provides his buyer ID, password, or private key so that central controller 200 can authenticate his identity. The agent puts this data into digital form by typing it into a terminal and then adds legal language to form CPO 100. CPO 100 is then transmitted to central controller 200 where it is made available to potential sellers as described in the on-line embodiment.

In an alternative embodiment, the buyer calls central controller 200 and is connected with a conventional Interactive Voice Response Unit (IVRU) which allows the buyer to enter some or all of the terms of CPO 100 without the assistance of a live agent. The buyer initially selects from a menu of subjects using the touch-tone keys of his phone, and then the call is either directed to a live agent specializing in that subject area, or the buyer is prompted for further terms of CPO 100.

Potential sellers may also use a telephone to browse and bind CPOs 100. The potential seller calls central controller 200 and selects a subject. Central controller 200 then converts the text of each CPO 100 into audio form, reading the entire list to the potential seller. At any time during the reading of CPOs 100, the potential seller may press a combination of keys on his telephone to select CPO 100 for binding. The seller enters seller ID number and is authenticated by central controller 200 prior to the binding of CPO 100. Potential sellers could also enter parameters before having the list of CPOs 100 read to them. An airline, for example, might request that all airline CPOs 100 for more than eight hundred dollars be read, skipping any CPO 100 with a lower price.

Buyers may also communicate with an agent at central controller 200 through faxes or postal mail. The agent receives the message and proceeds to digitize it and form CPO 100 as described above.

Cryptographic Authentication Embodiment 

In the previous embodiments, authentication of the buyer and seller involves checking the attached ID or name and comparing it with those stored in seller database 260 and buyer database 255. Although this procedure works well in a low security environment, it can be significantly improved through the use of cryptographic protocols. These protocols not only enhance the ability to authenticate the sender of a message, but also serve to verify the integrity of the message itself, proving that it has not been altered during transmission. A small airline, for example, could be prevented from binding CPOs 100 requiring performance by a large carrier as their identity would not be authenticated. Encryption can also prevent eavesdroppers from learning the contents of the message. A competing airline, for example, could be prevented from reading any intercepted seller response 110 generated by another competitor. Such techniques shall be referred to generally as cryptographic assurance methods, and will include the use of both symmetric and asymmetric keys as well as digital signatures and hash algorithms.

The practice of using cryptographic protocols to ensure the authenticity of senders as well as the integrity of messages is well known in the art and need not be described here in detail. For reference, one of ordinary skill in the art may refer to Bruce Schneier, Applied Cryptography, Protocols, Algorithms, And Source Code In C (2d Ed., John Wiley & Sons, Inc., 1996).

FIG. 14 describes a symmetric key embodiment in which the seller and central controller 200 share a key. Thus both encryption and decryption of seller response 110 are performed with the same key. This encryption may be implemented with an algorithm such as DES (U.S. Government standard, specified in FIPS PUB 46), or with any of several algorithms known in the art such as IDEA, Blowfish, RC4, RC2, SAFER, etc. The seller encrypts seller response 110 with his assigned symmetric key at step 1400, using cryptographic processor 310 of seller interface 300. The key may be stored in message database 370 or otherwise stored or memorized by the seller. The encrypted seller response 110 is then transmitted to cryptographic processor 210 of central controller 200 at step 1410. Cryptographic processor 210 extracts the seller ID from seller response 110 at step 1420 and looks up the symmetric key of the seller in cryptographic key database 290 at step 1430, decrypting seller response 110 with this key at step 1440. Cryptographic key database 290 contains algorithms and keys for encrypting, decrypting and/or authenticating messages. At step 1450, if the resulting message is intelligible, then it must have been encrypted by the same key, authenticating that the seller must have indeed been the author of seller response 110.

This procedure makes it significantly more difficult for an unauthorized seller to represent himself as a legitimate seller. Without cryptographic procedures, an unauthorized seller who obtained a sample seller response 110 from a legitimate seller would be able to extract the seller ID and then attach this ID number to unauthorized seller responses 110. When seller response 110 has been encrypted with a symmetric key, however, an unauthorized seller obtaining a sample seller response 110 only discovers the seller's ID number, not the symmetric key. Without this key, the unauthorized seller cannot create a seller response 110 that will not be discovered by central controller 200, since he cannot encrypt his message in the same way that the authorized seller could. The symmetric key protocol also ensures that seller response 110 has not been tampered with during transmission, since alteration of the message requires knowledge of the symmetric key. An encrypted seller response 110 also provides the seller with more anonymity.

Referring now to FIG. 15, there is shown an asymmetric key protocol in which seller response 110 is encrypted with a private key and decrypted with a public key. Two such algorithms for this procedure are RSA and DSA. At step 1500, the seller encrypts seller response 110 with his private key using cryptographic processor 310, transmitting seller response 110 to central controller 200 at step 1510. Cryptographic processor 210 extracts the seller ID at step 1520 and looks up the seller's associated public key in cryptographic key database 290 at step 1530, decrypting seller response 110 with this public key at step 1540. As before, if seller response 110 is intelligible then central controller 200 has authenticated the seller at step 1550. Again, unauthorized sellers obtaining seller response 110 before it was received by central controller 200 are not able to undetectably alter it since they do not know the private key of the seller. Unauthorized sellers would, however, be able to read the message if they managed to obtain the public key of the seller. Message secrecy is obtained if the seller encrypts seller response 110 with his public key, requiring the attacker to know the seller's private key to view seller response 110.

FIG. 16 shows a cryptographic technique using digital signatures to provide authentication and message integrity. One such algorithm is DSA (Digital Signature Algorithm), the U.S. Government standard specified in FIPS PUB 186. As in the asymmetric protocol described above, each seller has an associated public and private key. The seller signs seller response 110 with his private key at step 1600 with cryptographic processor 310 and transmits it to central controller 200 at step 1610. Central controller cryptographic processor 210 extracts the seller ID at step 1620 and looks up the seller's public key at step 1630, verifying the signature using seller response 110 and the public key of the seller at step 1640. If seller response 110 is intelligible, then central controller 200 accepts seller response 110 as authentic at step 1650.

Referring now to FIG. 17, there is described a cryptographic technique using message authentication codes for verifying the authenticity and integrity of seller response 110. In the hash protocol of the present invention, the seller and central controller 200 share a symmetric key, which the seller includes in a hash of seller response 110 at step 1700. In the hash protocol, a one-way function is applied to the digital representation of seller response 110, generating a code that acts much like the fingerprint of seller response 110. Any of the MAC algorithms, such as RIPE-MAC, IBC-Hash, CBC-MAC, and the like may be applied in this application. After transmitting seller response 110 to central controller 200 at step 1710, cryptographic processor 210 extracts seller ID from seller response 110 at step 1720. Then cryptographic processor 210 looks up the seller's symmetric key at step 1730 and hashes seller response 110 with this symmetric key at step 1740, comparing the resulting hash value with the hash value attached to seller response 110. If the values match at step 1750, the integrity of seller response 110 is verified along with the authenticity of the seller.
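
The MAC exchange of FIG. 17 (steps 1700 through 1750) can be written out as follows. This is an added example, not code from the patent: HMAC-SHA-256 from the Python standard library stands in for the MAC algorithms named above, and the JSON message layout, field names, function names and keys are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample keys standing in for cryptographic key database 290.
KEY_DB = {
    "seller-042": b"constructed-demo-key-for-seller-042",
    "seller-077": b"constructed-demo-key-for-seller-077",
}


def _canonical(fields):
    """Serialize the fields the same way on both sides so the MAC input matches."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_response(fields, key):
    """Seller side, step 1700: MAC the whole response, seller ID and CPO included."""
    tag = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    return json.dumps({**fields, "mac": tag}).encode()


def verify_response(raw, key_db):
    """Controller side, steps 1720-1750. Returns (accepted, reason)."""
    try:
        msg = json.loads(raw)
        tag = bytes.fromhex(msg.pop("mac"))       # attached hash value
        seller_id = msg["seller_id"]              # step 1720: extract seller ID
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, "malformed"
    if not isinstance(seller_id, str) or seller_id not in key_db:
        return False, "unknown seller"            # step 1730: no key on file
    expected = hmac.new(key_db[seller_id], _canonical(msg), hashlib.sha256).digest()
    # Step 1740: constant-time comparison, so timing does not leak the expected tag.
    if not hmac.compare_digest(expected, tag):
        return False, "mac mismatch"
    return True, "authentic"                      # step 1750


def demo():
    """Constructed seller responses: one genuine, four that must be refused."""
    fields = {"seller_id": "seller-042", "cpo_tracking_number": 1001,
              "terms": "accept", "price_cents": 8500}
    genuine = sign_response(fields, KEY_DB["seller-042"])

    altered = json.loads(genuine)
    altered["price_cents"] = 9500                 # changed in transit
    altered = json.dumps(altered).encode()

    retargeted = json.loads(genuine)
    retargeted["cpo_tracking_number"] = 2002      # captured tag moved to another CPO
    retargeted = json.dumps(retargeted).encode()

    # Seller ID copied from a sample response, but signed without the shared key.
    forged = sign_response(fields, b"key-the-controller-never-issued")
    stranger = sign_response({**fields, "seller_id": "seller-999"}, b"any-key")

    cases = {"genuine": genuine, "altered": altered, "retargeted": retargeted,
             "forged": forged, "stranger": stranger, "garbage": b"not json"}
    return {name: verify_response(raw, KEY_DB) for name, raw in cases.items()}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} {outcome}")
```

Because the seller ID and the CPO tracking number are inside the authenticated fields, a response captured for one CPO fails verification when attached to another.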

Although cryptographic techniques can provide greater confidence in the authenticity of seller response 110, they are useless if the seller's cryptographic keys are compromised. An attacker obtaining the symmetric key of another seller is indistinguishable from that seller in the eyes of central controller 200. There is no way to know whether the seller was the true author of seller response 110, or an attacker with the right cryptographic keys. One way to solve this problem (known as undetected substitution) is to use biometric devices such as a fingerprint reader, voice recognition system, retinal scanner and the like. These devices incorporate a physical attribute of the seller into seller response 110, which is then compared with the value stored in seller database 260 at central controller 200. In the present invention, such devices attach to seller interface 300.

Fingerprint verification, for example, may be executed before the creation of seller response 110, during the generation of seller response 110 in response to prompts from central controller 200, at some predetermined or random times, or continuously by incorporating the scanning lens into seller interface 300 such that the seller is required to maintain his finger on the scanning lens at all times for continuous verification while seller response 110 is generated.

An example of such an identification device is the FC100 FINGERPRINT VERIFIER available from Startek, a Taiwanese company. The FC100 is readily adaptable to any PC via an interface card. The fingerprint verifier utilizes an optical scanning lens. The seller places his finger on the lens, and the resulting image is scanned, digitized, and the data compressed and stored in memory. Typically, a 256 byte file is all that is required. Each live-scan fingerprint is compared against the previously enrolled/stored template, stored in data storage device 360. If the prints do not match, the cryptographic algorithms executed by cryptographic processor 335 may prevent the seller from generating a seller response 110.

In a voice verification embodiment, the seller's voice is
used to verify his identity. This embodiment has the advantage
of not requiring the use of any specialized hardware
since it can be implemented over a standard phone connection.
The seller's identity is verified at central computer 200.
The process of obtaining a voice-print and subsequently
using it to verify a person's identity is well-known in the art,
and therefore need not be described in detail herein. One of
ordinary skill in the art may refer to SpeakEZ, Inc. for voice
identification/verification technology. Conventional speaker
identification software samples the seller's voice. This
sample is stored at central controller 200 in seller database
260. Each time the seller wants to transmit seller response
110 to central controller 200, he is required to call central
controller 200 and speak into the phone at the prompt for a
voice sample. If this sample matches that stored in seller
database 260, the seller is provided a password which is
incorporated into the digital signature appended to seller
response 110. Any seller response 110 received without an
appropriate voice match password is not accepted. The
voice-print may also be stored in a database within data
storage device 360 of seller interface 300, to verify the
seller's identity locally prior to allowing seller response 110
to be created.

Although the above cryptographic and biometric protocols
describe the authentication and validation of seller
response 110, they may be equally applied to the authentication
and validation of CPO 100, counteroffer 140, buyer
response 150, purchase confirmation 120, or any other
message or communication between buyers, sellers, and
central controller 200.

Anonymous Transactions Embodiment 

As mentioned previously, the present invention provides
for the anonymity of both buyers and sellers. Such anonymity
is accomplished by eliminating all references to the
names of the individuals for all transactions. A buyer, for
example, would include his ID in CPO 100 rather than his
name, preventing the seller receiving CPO 100 from
discovering the buyer's identity. This is desirable if the buyer
were a biotech firm that did not want rivals to know the type
of lab equipment that the company was looking for.

In a similar manner, sellers may also want to keep their
identity a secret. An airline might not want the public to
know that they are heavily discounting fares between certain

Although using ID numbers can provide anonymity, both
for buyers and sellers, there are a number of potential
weaknesses. First, if the database of ID numbers, stored in
buyer database 255 or seller database 260, and their respective
buyers/sellers is compromised, anonymity is destroyed
since the message sender can be looked up in buyer database
255 or seller database 260. To prevent this, the ID numbers
are encrypted with the public key of central controller 200,
so that even if it is stolen it is useless without the private key.

Although we have described only one possible method for
maintaining anonymity, there are other equivalents. For
example, if the embodiment included telephone messaging,
the identity of the buyer and seller could be maintained using
conventional voice modification techniques. If CPO 100 or
seller response 110 were in a paper form, the form could be
scanned using optical character recognition and translated
into digital form, discarding any information that could be
found in the original document.

Trusted Server Embodiment 

In one embodiment of the present invention, central
controller 200 is separated into three distinct elements:
operations server 160, trusted server 165, and bonding
agency 170. Each server performs a distinct task in the
process of managing CPO 100. This separation makes it
more difficult for attackers to compromise the system, as
they must defeat the security of three separate systems
instead of one. As indicated in FIG. 20, these servers work
in conjunction with buyer interface 400 and seller interface
300. Operations server 160 has the task of posting CPOs
100, and accepts all transactions previously authenticated by
trusted server 165. Trusted server 165 authenticates the
identity of buyers and sellers, while bonding agency 170
verifies the ability of buyers to pay and the ability of sellers
to deliver on bound CPOs 100. In this embodiment, each
server type may be distributed over a number of servers.

The following protocols describe the interactions of the 
three servers and assume the following: 

1. Everyone knows the public keys of operations server
160, trusted server 165, and bonding agency 170.

2. The buyer and potential seller have bond certificates
172, as discussed below.

3. Public keys can be used both for encryption and for 
signing. 

Before CPO 100 is accepted by operations server 160, it
must bear the digital signature of both trusted server 165 and
bonding agency 170. Because of this, CPO 100 contains two
additional elements — a trusted server ID and a bond certifi-

The trusted server ID is the ID number of the trusted
server 165 which authenticated the buyer who created CPO
100. The "bond certificate" is a public key certificate, with
the certifier (bonding agency 170) specifying a set of valid
dates for bond certificate 172, a limit to the amount covered,
and a set of additional conditions. These additional conditions
may require on-line checking of a revocation list, may
specify operations server 160 and trusted server 165 to be
used, etc. The private key corresponding to the public key
certified is not known to bonding agency 170 — only to the
user. Knowledge of that private key is used as proof of
identity for the bondholder. (This allows buyer and seller
anonymity in many cases, though of course, neither will be
anonymous to bonding agency 170 except in very special

Bond certificate 172 for the buyer will be referred to as
BC_B, while the corresponding public and private keys will
be referred to as PK_B and SK_B, respectively.

CPO 100 is posted by an interaction between the buyer,
trusted server 165, and operations server 160. This part of
the protocol is possible with nothing more than encrypted
e-mail transmitted among the parties.

Before CPO 100 may be posted, the buyer must get
approval from trusted server 165. This is required so that
both the buyer and operations server 160 know that the trusted
server 165 they've designated to decide whether or not the
contract has been fulfilled is actually willing to accept CPO
100. Operations server 160 will not accept CPO 100 without
a TRUSTED_ACCEPTANCE message as described below.

The trusted server 165, in turn, will not issue a
TRUSTED_ACCEPTANCE unless it is convinced that the
buyer's CPO 100 is fresh (not a replay), and that the buyer's
ability to pay is guaranteed by bonding agency 170. The
buyer must also be convinced that he is being issued a fresh
TRUSTED_ACCEPTANCE.

The protocol works as follows:

1. The buyer forms
   U0 = "REQUEST FOR TRUSTED APPROVAL"
   X0 = U0, CPO, R0, Additional Terms
   and sends to trusted server 165
   M0 = PKE_{PK_T}(X0, Sign_{SK_B}(X0)).

2. Trusted server 165 responds with
   U1 = "TRUSTED CPO CHALLENGE"
   R1 = a 160-bit random number
   X1 = U1, hash(X0), R1
   and sends to the buyer
   M1 = PKE_{PK_B}(X1, Sign_{SK_T}(X1)).

3. The buyer responds to this with
   U2 = "BUYER CPO RESPONSE"
   X2 = U2, hash(X1)
   and sends to trusted server 165
   M2 = PKE_{PK_T}(X2, Sign_{SK_B}(X2)).

4. Trusted server 165 responds with
   U3 = "TRUSTED CPO ACCEPTANCE"
   T3 = Timestamp
   X3 = U3, hash(X2), T3, CPO
   and sends to the buyer
   M3 = PKE_{PK_B}(X3, Sign_{SK_T}(X3)).

5. The buyer stores X3 as TRUSTED_ACCEPTANCE.
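
The buyer/trusted-server exchange in steps 1 to 5, as an added example (not code from the patent), showing how the hash chaining and the server's random R1 defeat a replay of recorded messages. Assumptions: HMAC-SHA256 under demo shared keys stands in for the public-key signatures, the PKE encryption layer is omitted, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets
import time


class ProtocolError(Exception):
    """Raised when a message fails a signature or freshness check."""


def encode(x):
    # Canonical byte encoding of a message body X (a list of fields).
    return json.dumps(x, separators=(",", ":")).encode()


def digest(x):
    # hash(X), used to chain each message to the one before it.
    return hashlib.sha256(encode(x)).hexdigest()


def sign(key, x):
    # ASSUMPTION: HMAC-SHA256 stands in for the public-key Sign_SK(X).
    return hmac.new(key, encode(x), hashlib.sha256).hexdigest()


def check(key, x, sig, label):
    # Constant-time tag comparison, then the message-type label U.
    if not hmac.compare_digest(sign(key, x), sig) or x[0] != label:
        raise ProtocolError("bad signature or label on " + label)


class Buyer:
    def __init__(self, key, server_key):
        self.key, self.server_key = key, server_key

    def request(self, cpo, terms):        # step 1: X0 = U0, CPO, R0, terms
        self.x0 = ["REQUEST FOR TRUSTED APPROVAL", cpo,
                   secrets.token_hex(20), terms]      # R0 is 160 bits
        return self.x0, sign(self.key, self.x0)

    def respond(self, x1, sig1):          # step 3: X2 = U2, hash(X1)
        check(self.server_key, x1, sig1, "TRUSTED CPO CHALLENGE")
        if x1[1] != digest(self.x0):
            raise ProtocolError("challenge is not bound to our X0")
        self.x2 = ["BUYER CPO RESPONSE", digest(x1)]
        return self.x2, sign(self.key, self.x2)

    def store(self, x3, sig3):            # step 5: keep X3
        check(self.server_key, x3, sig3, "TRUSTED CPO ACCEPTANCE")
        if x3[1] != digest(self.x2):
            raise ProtocolError("acceptance is not bound to our X2 (stale)")
        self.trusted_acceptance = (x3, sig3)
        return x3


class TrustedServer:
    def __init__(self, key, buyer_key):
        self.key, self.buyer_key = key, buyer_key
        self.pending = {}                 # hash(X1) -> X0, one per open challenge

    def challenge(self, x0, sig0):        # step 2: X1 = U1, hash(X0), R1
        check(self.buyer_key, x0, sig0, "REQUEST FOR TRUSTED APPROVAL")
        x1 = ["TRUSTED CPO CHALLENGE", digest(x0), secrets.token_hex(20)]
        self.pending[digest(x1)] = x0
        return x1, sign(self.key, x1)

    def accept(self, x2, sig2):           # step 4: X3 = U3, hash(X2), T3, CPO
        check(self.buyer_key, x2, sig2, "BUYER CPO RESPONSE")
        x0 = self.pending.pop(x2[1], None)   # each challenge is answered once
        if x0 is None:
            raise ProtocolError("response does not match an open challenge")
        x3 = ["TRUSTED CPO ACCEPTANCE", digest(x2), int(time.time()), x0[1]]
        return x3, sign(self.key, x3)


def run_exchange(buyer, server, cpo):
    """Honest run; returns X3 and the messages a recorder could capture."""
    m0 = buyer.request(cpo, "none")
    m1 = server.challenge(*m0)
    m2 = buyer.respond(*m1)
    m3 = server.accept(*m2)
    return buyer.store(*m3), {"m0": m0, "m2": m2, "m3": m3}


def replay_is_rejected(server, transcript):
    """Replay recorded M0 and M2 against the server."""
    server.challenge(*transcript["m0"])   # server draws a new R1, so a new X1
    try:
        server.accept(*transcript["m2"])  # old response names the old hash(X1)
    except ProtocolError:
        return True
    return False
```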
In order for operations server 160 to post CPO 100, it
must be convinced that CPO 100 has a fresh TRUSTED_ACCEPTANCE,
and that it is guaranteed by bonding agency
170. This works as follows:

1. The buyer forms
   R0 = a random 160-bit number
   U0 = "CPO SERVER SUBMISSION"
   X0 = U0, R0, TRUSTED_ACCEPTANCE
   and then sends to operations server 160
   M0 = PKE_{PK_S}(X0, Sign_{SK_B}(X0)).

2. Operations server 160 receives M0 and verifies it. If it's
   fresh (not a replay), and if operations server 160 is
   willing to post CPO 100, it forms
   R1 = a random 160-bit number
   U1 = "SERVER CPO CHALLENGE"
   X1 = U1, hash(X0), R1
   and then encrypts and sends to
   M1 = PKE_{PK_B}(X1, Sign_{SK_S}(X1)).

3. The buyer forms
   U2 = "CPO RESPONSE TO SERVER CHALLENGE"
   and then sends to operations server 160
   M2 = PKE_{PK_S}(X2, Sign_{SK_B}(X2)).

4. If this message's signature verifies properly, then
   operations server 160 posts the CPO. Operations server
   160 forms
   U3 = "POSTED CPO RECEIPT"
   CPO = U3, hash(X2), CPO.
   It then sends to the buyer
   M3 = PKE_{PK_B}(CPO, Sign_{SK_S}(CPO)).

At the end of this protocol, the buyer has a receipt to
acknowledge that his CPO 100 has been posted, and operations
server 160 is convinced that the holder of bond
certificate 172 has just agreed to CPO 100, and has the
approval of trusted server 165.

The potential seller has a bonding certificate 172 (BC_P) of
his own. Before he is allowed to browse CPOs 100 in real
time (with the ability to bind them), he must go through a
protocol. (CPOs 100 may be available to people who aren't
browsing, but nobody is allowed to bind CPOs 100 until
they go through this protocol.) The purpose of this protocol
is to prove that the seller is guaranteed by bonding agency
170 to be capable of delivering the required goods, and also
to decrease the computational load on operations server 160
by establishing a secret authentication key, K_P. All of this
decreases the computational expense of allowing the potential
seller to browse CPOs 100.

1. The potential seller forms
   R0 = a random 160-bit number
   T = a time range
   U0 = "REQUEST FOR ACCESS TO BROWSE"
   X0 = U0, R0, T, BC_P
   and sends to operations server 160
   M0 = PKE_{PK_S}(X0, Sign_{SK_P}(X0)).

2. Operations server 160 decides whether to grant the
   potential seller access. If so, it forms
   R1 = a random 160-bit number
   U1 = "SERVER BROWSE-ACCESS CHALLENGE"
   X1 = U1, hash(X0), R1
   and sends to the potential seller
   M1 = PKE_{PK_P}(X1, Sign_{SK_S}(X1)).

3. The potential seller responds by forming
   U2 = "BROWSE-ACCESS RESPONSE"
   and sends to operations server 160
   M2 = PKE_{PK_S}(X2, Sign_{SK_P}(X2)).

4. Operations server 160 verifies the signature, and then

   K_P = a random secret key to be used for binding CPOs 100.
   T = a time range (from first protocol message)
   X3 = U3, hash(X2), T, K_P
   and sends to the potential seller
   M3 = PKE_{PK_P}(X3, Sign_{SK_S}(X3)).

At the end of this protocol, the potential seller holds the
secret shared key with which he is allowed to bind CPO 100,
within the time limits specified in the last message. The
potential seller and operations server 160 are both convinced
that they have interacted with one another in real-time, and
operations server 160 knows that the potential seller's
capacity to deliver on bound CPOs 100 is guaranteed by
bonding agency 170.

As the potential seller browses CPOs 100, each is sent to
him by operations server 160, authenticated under K_P, and
including a random challenge to prevent replay attacks.
When the potential seller wants to bind one, he forms an
offer to bind CPO 100, and sends it, along with the hash of
the authenticated CPO 100, authenticated under K_P. Operations
server 160 is convinced that this is a valid offer to bind
CPO 100, and that it's happening in real time. It responds by
sending him BOUND_CPO.

1. Operations server 160 forms
   U0 = "CPO OFFER"
   R0 = a random 160-bit number.
   X0 = U0, R0, CPO description
   and sends the potential seller
   M0 = PKE_{PK_P}(X0, Auth_{K_P}(X0)).
   (Note that this step is repeated for each CPO 100 browsed.)

2. The potential seller forms
   U1 = "CPO OFFER TO BIND"
   R1 = a random 160-bit number
   X1 = U1, hash(X0), R1, Offer Details
   and encrypts and sends to operations server 160
   M1 = PKE_{PK_S}(X1, Auth_{K_P}(X1)).

3. If the offer is acceptable to operations server 160, then
   it forms
   U2 = "SERVER BINDING OF CPO"
   T = timestamp
   X2 = U2, hash(X1), BC_P, T, CPO, Offer Details
   and encrypts and sends to the potential seller
   M2 = PKE_{PK_P}(X2, Sign_{SK_S}(X2)).

4. The potential seller stores X2, Sign_{SK_S}(X2) as
   BOUND_CPO.

The "Offer Details" field of BOUND_CPO specifies the
conditions of CPO 100. In most cases, this will involve
delivering some goods in exchange for payment, possibly in
the presence of an agent from trusted server 165. In some
cases, however, this will involve intermediaries, to preserve
anonymity for the potential buyer, the seller, or both. It is
important that the potential seller has the BOUND_CPO so
that [illegible] buyer or an intermediary
[illegible] challenge-response protocol.

This set of protocols describes one possible implementation
of an infrastructure to support CPOs 100. It is important
to note that operations server 160, trusted server 165, and
bonding agency 170 can conceivably be the same entity. In
this case, these protocols can be dramatically simplified.

Barter Embodiment

Not all transactions require the transfer of money from
buyer to seller. In a barter transaction the distinction between
buyer and seller disappears, resulting in a contract between
a first party and a second party. The first party posts CPO
100, and the second party binds it. Instead of getting cash,
the second party receives goods from the first party. A first
party who wanted to get rid of a motorcycle, for example,
could post CPO 100 in which he offered to exchange the
motorcycle for a first class ticket from New York to London.

Arbitration Protocols

Although the previous embodiments have described the
delivery of goods from seller to buyer as the end of the
process, there will inevitably be disputes arising from some
transactions, requiring follow-up activity to resolve these
disputes. The present invention can support dispute resolution
in two ways.

First, language can be built into every CPO 100 requiring
that both parties submit to binding arbitration of all disputes,
helping to avoid more costly and time consuming legal
battles in a court of law. Additionally, liquidated damages
may be set which specify damage amounts for particular
infractions of CPO 100.

Second, central controller 200 can support the arbitration
process by providing an arbiter for each dispute. Such
arbitration might be required when goods shipped from the
seller do not correspond to the conditions of CPO 100. A
buyer seeking a non-stop airline ticket, for example, might
seek damages against a seller who delivered a ticket with
one or more stops. Similarly, a business traveler whose CPO
100 was for a non-smoking hotel room might seek damages from
the hotel which bound the CPO with a smoking room.
Instead of seeking damages, the buyer may seek replacement
of the goods, such as another airline ticket that was non-stop.

In an arbitration involving airline tickets, the buyer may
submit a copy of the ticket to central controller 200 along
with the tracking number of CPO 100, allowing the arbiter
to establish whether or not the seller fulfilled the conditions
of CPO 100. Sellers may also initiate arbitration proceedings
if they have shipped the goods and have not yet received
payment from the buyer.

In an alternative embodiment, transaction data can be sent
to third party arbiters outside the system. Central controller
200 may send a copy of CPO 100, seller response 110, and
purchase confirmation 120 to the arbiters. Cryptographic
keys may also be provided to the arbiters if there are
questions of authenticity or non-repudiation.

Applications of the Invention

In order to clarify the application of the present invention,
the following examples demonstrate potential needs of end

CPO: Airline tickets
Four tickets needed
From Chicago, O'Hare or Midway to Phoenix.
Leaving on April 12 or 13
Returning on April 18 or 19.
Any of the six largest carriers acceptable.
Change of planes is acceptable if layover is less than 2 hours.
I'll bind at $180 per ticket, excluding tax.

CPO: Hotel accommodations
Five nights lodging
Arrive April 12 or 13. Depart April 18 or 19
Within 30 minutes drive time of downtown Phoenix.
Double bed
Non-smoking
Hotels, motels or bed & breakfasts are acceptable
Must be AAA approved or Mobil 2* or better.
I'll bind at $55 per night (excluding tax).

CPO: New car purchase
1997 Ford Taurus
Must be in dealer stock
GL package w/air conditioning
AM/FM/Cassette (Stock #1224-099)
May have other options already installed
Can be white, tan, green or maroon
Must have 100 miles or less, never titled.
No dealer demo cars
Delivered to me no later than Jul. 15, 1996
Loan pre-approval: Chase Manhattan #1220-998-887AD-21
I'll bind at $21,350

CPO: Car insurance
1997 Ford Taurus
1 driver, age 40, male
Reside in Ridgefield, Conn.
Drive to work 30 miles
Collision included
$500 deductible
Glass coverage included
No speeding infractions in last 3 years
No accident in past 3 years
1MM liability umbrella
Driver's license # Conn. 1222-221-2298
Carrier must be rated A or better by AM Best.
I'll bind at $1,200 per year

CPO: U.S. silver dollars
1886 Morgan
Philadelphia mint mark
Sealed in ANA packaging
MS94 or better grade
I will purchase up to 6 total
Sellers may fulfill all or part of order
I'll bind at $225 each
Offer Administrator: Coinworld, P.O. Box 1000, N.Y.,
N.Y. Mr. K. Smith 212-222-1000

CPO: Industrial commodity
My company wants to purchase 40 tons of steel
Grade 120
Delivered FOB to N.Y., N.Y.
Class 4 Slabs or Class 12 ingots
Alloy RT-12 or equivalent
Deliver by Aug. 1, 1996
Maximum price known to Citibank
First bid below maximum will bind
Citibank to provide instant price verification
1 bid per supplier per day (GMT)
E-mail @ metals.biddesk4022Citi.com
Letter of Credit payment, Citibank 100-887-9877

CPO: Credit Card Application
VISA Gold Card
Credit line $5,000
Interest rate 12% or lower
I'll bind at $10 per year
Financial history available at http://www.provider/~shapiro23

CPO: Reward for Return
Briefcase lost with important computer disks inside
Disks labeled RT-554 IBM
Case is brown leather, brass snaps, RL monogram
Left on NYC subway, Apr. 7, 1996 F Train.
I'll bind at $500
Provide lost & found receipt # to claim reward
Offer Administrator: NYC Police Lost & Found
Mr. K. Smith 212-555-1000

Those skilled in the art will recognize that the method and
apparatus of the present invention has many applications,
and that the present invention is not limited to the
representative examples disclosed herein. Moreover, the scope of
the present invention covers conventionally known variations
and modifications to the system components described
herein, as would be known by those skilled in the art.

What is claimed:

1. A method for using a computer to facilitate a transaction
between a buyer and at least one of sellers, comprising:

inputting into the computer a conditional purchase offer
which includes an offer price;

inputting into the computer a payment identifier specifying
a credit card account, the payment identifier being
associated with the conditional purchase offer;

outputting the conditional purchase offer to the plurality
of sellers after receiving the payment identifier;

inputting into the computer an acceptance from a seller,
the acceptance being responsive to the conditional
purchase offer; and

providing a payment to the seller by using the payment
identifier.

2. The method of claim 1, in which the step of inputting
into the computer an acceptance comprises:

inputting into the computer an acceptance from each
member of a set of sellers, the set of sellers comprising
at least one seller, each acceptance being responsive to
the conditional purchase offer;

and further comprising:

selecting one received acceptance, thereby determining
a selected seller of the set of sellers;

and in which the step of providing a payment comprises:

providing a payment to the selected seller by using
the payment identifier.

3. The method of claim 2, in which the step of selecting
one received acceptance comprises:

determining a first received acceptance, thereby determining
a first seller of the set of sellers;

and in which the step of providing a payment comprises:

providing a payment to the first seller by using the
payment identifier.

4. The method of claim 1, further comprising:

determining if a predetermined amount is available in the
credit card account.

5. The method of claim 1, in which the step of providing
a payment comprises:

transferring payment from the buyer to the selected seller.

6. The method of claim 1, in which the step of providing
a payment comprises:

transmitting the payment identifier to the selected seller.

7. The method of claim 1, further comprising:

outputting to the buyer a request for an authorization to
use the payment identifier to provide payment if an
acceptance is received; and

inputting into the computer the authorization from the
buyer in response to the request.

8. The method of claim 1, in which the step of inputting
into the computer an acceptance comprises:

inputting into the computer an acceptance from each of a
set of sellers.

9. The method of claim 1, in which the conditional
purchase offer includes an expiration date and is
non-revocable prior to the expiration date.

10. The method of claim 1, further comprising:

determining an active period during which the conditional
purchase offer is active;

and in which the step of inputting into the computer an
acceptance is performed during the active period.

11. The method of claim 1, further comprising:

inputting into the computer a revocation of the conditional
purchase offer after the step of receiving an acceptance;

and in which the step of providing a payment comprises:

providing a payment of a predetermined amount to the

12. An apparatus for facilitating a transaction between a
buyer and at least one of a plurality of sellers, comprising:

a storage device; and

a processor connected to the storage device,

the storage device storing
a program for controlling the processor; and

the processor operative with the program to

receive a conditional purchase offer which includes an offer
price;

receive a payment identifier [illegible], the payment identifier
being associated with the conditional purchase offer;

make the conditional purchase offer available to the
plurality of sellers after receiving the payment
identifier;

receive an acceptance from a seller, the acceptance
being responsive to the conditional purchase offer;
and

provide payment to the seller by using the payment
identifier.

13. The apparatus of claim 12, in which the processor is
further operative with the program to:

receive an acceptance from each member of a set of
sellers, the set of sellers comprising at least one seller,
each acceptance being responsive to the conditional
purchase offer;

select one received acceptance, thereby determining a
selected seller of the set of sellers; and

provide a payment to the selected seller by using the
payment identifier.

14. The apparatus of claim 13, in which the processor is
further operative with the program to:

determine a first acceptance received, thereby determining
a first seller of the set of sellers; and

provide a payment to the first seller by using the payment
identifier.

15. The apparatus of claim 12, in which the processor is
further operative with the program to:

determine if a predetermined amount is available in the
credit card account.

16. The apparatus of claim 21, in which the processor is
further operative with the program to:

transfer payment from the buyer to the seller.

17. The apparatus of claim 12, in which the processor is
further operative with the program to:

transmit the payment identifier to the seller.

18. The apparatus of claim 12, in which the processor is
further operative with the program to:

output to the buyer a request for an authorization to use
the payment identifier to provide payment if an acceptance
is received; and

receive the authorization from the buyer in response to the
request.

19. The apparatus of claim 12, in which the processor is
further operative with the program to:

receive an acceptance from each of a set of sellers.

20. The apparatus of claim 12, in which the conditional
purchase offer includes an expiration date and is
non-revocable prior to the expiration date.

21. The apparatus of claim 12, in which the processor is
further operative with the program to:

determine an active period during which the conditional
purchase offer is active; and

receive an acceptance during the active period.

22. The apparatus of claim 12, in which the processor is
further operative with the program to:

receive a revocation of the conditional purchase offer after
receiving an acceptance; and

provide a payment of a predetermined amount to the
seller.

23. A method for using a computer to facilitate a transaction
between a buyer and at least one of a plurality of
sellers, comprising:

inputting into the computer a conditional purchase offer
which includes an offer price;

inputting into the computer a payment identifier specifying
a financial account, the payment identifier being
associated with the conditional purchase offer;

outputting to the buyer a request for authorization to use
the payment identifier to provide a payment if an
acceptance is received;

inputting into the computer authorization from the buyer
in response to the request;

outputting the conditional purchase offer to the plurality
of sellers after receiving the payment identifier;

inputting into the computer an acceptance from a seller,
the acceptance being responsive to the conditional
purchase offer; and

providing the payment to the seller by using the payment
identifier.

24. The method of claim 23, in which the step of inputting
into the computer an acceptance comprises:

inputting into the computer an acceptance from each
member of a set of sellers, the set of sellers comprising
at least one seller, each acceptance being responsive to
the conditional purchase offer;

and further comprising:

selecting one received acceptance, thereby determining
a selected seller of the set of sellers;

and in which the step of providing a payment comprises:

providing a payment to the selected seller by using
the payment identifier.

25. The method of claim 24, in which the step of selecting
an acceptance received comprises:

determining a first acceptance received, thereby determining
a first seller of the at least one seller;

and in which the step of providing a payment comprises:

providing a payment to the first seller by using the
payment identifier.

26. The method of claim 23, in which the financial
account is a credit card account.

27. The method of claim 26, further comprising:

determining if a predetermined amount is available in the
credit card account.

28. The method of claim 23, further comprising:

transferring payment from the buyer to the seller.

29. The method of claim 23, in which the step of providing
a payment comprises:

transmitting the payment identifier to the seller.

30. The method of claim 23, in which the step of inputting
into the computer an acceptance comprises:

inputting into the computer an acceptance from each of a
set of sellers.

31. The method of claim 23, in which the conditional
purchase offer includes an expiration date and is
non-revocable prior to the expiration date.

32. The method of claim 23, further comprising:

determining an active period during which the conditional
purchase offer is active; and in which the step of
inputting into the computer an acceptance is performed
during the active period.

33. The method of claim 23, further comprising:

inputting into the computer a revocation of the conditional
purchase offer after the step of receiving an acceptance;

and in which the step of providing a payment comprises:

providing a payment of a predetermined amount to the
seller.

34. An apparatus for facilitating a transaction between a
buyer and at least one of a plurality of sellers, comprising:

a storage device; and

a processor connected to the storage device,

the storage device storing
a program for controlling the processor; and

the processor operative with the program to

receive a conditional purchase offer which includes
an offer price;

receive a payment identifier specifying a financial
account, the payment identifier being associated
with the conditional purchase offer;

output to the buyer a request for an authorization to
use the payment identifier to provide a payment if
an acceptance is received;

receive the authorization from the buyer in response
to the request;

transmit the conditional purchase offer to the plurality
of sellers after receiving the payment identifier;

receive an acceptance from a seller, the acceptance
being responsive to the transmitted conditional
purchase offer; and

provide the payment to the seller by using the
payment identifier.

35. The apparatus of claim 34, in which the processor is
further operative with the program to:

receive an acceptance from each member of a set of
sellers, the set of sellers comprising at least one seller,
each acceptance being responsive to the conditional
purchase offer;

select one received acceptance, thereby determining a
selected seller of the set of sellers; and

provide a payment to the selected seller by using the
payment identifier.

36. The apparatus of claim 35, in which the processor is
further operative with the program to:

determine a first acceptance received, thereby determining
a first seller of the set of sellers; and

provide a payment to the first seller by using the payment
identifier.

37. The apparatus of claim 34, in which the financial
account is a credit card account.

38. The apparatus of claim 37, in which the processor is
further operative with the program to:

determine if a predetermined amount is available in the
financial account.

39. The apparatus of claim 34, in which the processor is
further operative with the program to:

transfer payment from the buyer to the seller.

40. The apparatus of claim 34, in which the processor is
further operative with the program to:

transmit the payment identifier to the seller.

41. The apparatus of claim 34, in which the processor is
further operative with the program to:

receive an acceptance from each of a set of sellers.

42. The apparatus of claim 34, in which the conditional
purchase offer includes an expiration date and is
non-revocable prior to the expiration date.

43. The apparatus of claim 34, in which the processor is
further operative with the program to:

determine an active period during which the conditional
purchase offer is active; and

receive an acceptance during the active period.

44. The apparatus of claim 34, in which the processor is
further operative with the program to:

receive a revocation of the conditional purchase offer after
receiving an acceptance; and

provide a payment of a predetermined amount to the
seller.